BaoziClaw
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
BaoziClaw appears intended for Solana prediction-market betting, but it exposes high-impact wallet actions through unsafe shell execution and unclear installation/credential boundaries.
Treat this as a Review item before installing. Only use it with an isolated Solana wallet, manually inspect every transaction before signing, and avoid granting wallet credentials until the author removes shell-string execution, pins the Baozi MCP dependency, and publishes consistent, complete artifacts.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A crafted market ID, query, or other argument could cause the local machine to run unintended commands instead of only calling Baozi.
Tool arguments are interpolated into a shell command and executed with exec; user-controlled strings can break shell quoting or alter the command.
const command = `npx -y @baozi.bet/mcp-server --tool ${toolName} --args '${JSON.stringify(args)}'`; ... await execAsync(command);Replace shell-string execution with execFile/spawn and an argument array, strictly validate all tool inputs, and require explicit user approval before any financial action.
Crypto and betting operations depend on external package behavior that may change or be fetched dynamically.
The skill runs an external npm package dynamically at tool-call time, while the registry declares no install spec or required binary; this leaves important runtime code outside the reviewed skill boundary.
npx -y @baozi.bet/mcp-server
Pin and vendor or explicitly declare the dependency, avoid npx runtime installs, and document the exact trusted package/version used.
If granted wallet authority, the skill could initiate or prepare actions that spend SOL or change account-linked market state without clearly documented safeguards.
These are wallet/account actions that can affect funds or market state, but the artifacts do not define credential source, signing flow, spending limits, or required user confirmation.
- **Betting**: Place SOL bets on boolean or race outcomes - **Winnings Claim**: Auto-claim resolved market payouts - **Market Creation**: Create new Lab markets (creator profile required)
Use only an isolated wallet, require manual transaction review/signing, set explicit spending limits, and declare all wallet/profile credential requirements.
Users may not be able to tell what capability they are really installing or reviewing, which is especially risky for a financial skill.
A packaged SKILL.md is still a placeholder, while the top-level description claims a complete prediction-market skill; other files also disagree about which tools are actually shipped.
Describe what your skill does here. ... ### example-tool ... Describe what this tool does.
Publish one consistent SKILL.md and entrypoint, remove placeholder/developer instructions, and ensure the packaged code matches the advertised tools.