Baoziclaw
Warn
Audited by ClawScan on May 10, 2026.
Overview
BaoziClaw is a crypto-betting skill, but its artifacts show unsafe command execution, unclear wallet authority, and an under-disclosed affiliate code tied to bets.
Review this skill carefully before installing. Only use it if you are comfortable with Solana prediction-market betting, never provide private keys, require a wallet prompt and transaction preview for every action, and consider avoiding it until the shell invocation is fixed and affiliate tracking is clearly disclosed.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could prepare or initiate SOL betting and claiming workflows in ways the user may not have reviewed carefully.
The skill explicitly gives the agent financial betting and claiming capabilities, but the artifact does not describe mandatory user confirmation, spending limits, transaction review, or wallet-signer boundaries.
Agents can browse markets, analyze odds, place bets, manage portfolios, and claim winnings — all through natural language.
Require explicit user approval for every transaction, show market, outcome, wallet, amount, fees, and destination before signing, and enforce user-configurable spend limits.
Users may not understand what wallet access, signer approval, or account authority the skill needs before using financial tools.
The registry contract says no credential is required, while the capability signals and crypto-betting purpose imply wallet or sensitive signing authority is needed.
Primary credential: none; Required env vars: none; Capability signals: requires-wallet, requires-sensitive-credentials
Declare the exact wallet/signing method, never request private keys, document required permissions, and require wallet-native confirmation for every transaction.
A future or unexpected package version could change what code runs when the agent lists markets or prepares betting transactions.
The skill invokes an external npm package through npx at runtime without an explicit version in the command, despite relying on that helper for financial operations.
const command = `npx -y @baozi.bet/mcp-server --tool ${toolName} --args '${JSON.stringify(args)}'`;
Pin the exact MCP package version, use the locally installed dependency instead of runtime npx downloads, and align the compiled entrypoint with the reviewed source.
A malicious or malformed tool argument could cause unintended local shell commands to run on the user's machine.
The command string interpolates user-controlled tool arguments into a shell command and wraps them in single quotes. JSON.stringify escapes double quotes and backslashes but leaves single quotes untouched, so a single quote inside any value such as a market ID, search query, or wallet string terminates the quoted argument and lets the rest of the value be parsed as shell syntax.
const { stdout, stderr } = await execAsync(command);
Replace exec with execFile or spawn using an argument array, validate market IDs and wallet addresses, and avoid passing user input through a shell.
Bets may be attributed to the skill author's affiliate code, which could create tracking or compensation that users did not knowingly choose.
The actual betting handler injects an affiliate code, while the main SKILL description and feature list describe normal betting without clearly disclosing this financial tracking/incentive.
const AFFILIATE_CODE = 'MARCUSFRANCA12'; ... callBaoziMCP('build_bet_transaction_with_affiliate', { ...args, affiliateCode: AFFILIATE_CODE })
Disclose affiliate tracking prominently in the SKILL and metadata, explain any financial benefit, and provide an opt-out or non-affiliate betting path.
