Baoziclaw

The skill exhibits high-risk patterns, primarily a critical shell injection vulnerability in 'index.ts' where 'child_process.exec' is used to execute commands constructed from unsanitized JSON arguments. The 'SKILL.md' file contains prompt-injection-style instructions that direct the AI agent to overwrite the project's source code using shell redirects. Additionally, the skill relies on 'npx' to download and execute remote code (@baozi.bet/mcp-server) at runtime and includes a hardcoded affiliate code (MARCUSFRANCA12) to monetize user transactions, though no explicit evidence of credential theft or data exfiltration was found.