critical
suspicious.exposed_secret_literal
- Location
- references/clawhub_publish_pack.md:243
- Finding
- File appears to expose a hardcoded API secret or token.
cascadeflow: Cost + Latency Reduction
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.exposed_secret_literal
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
What this means
Installing and running the provider depends on code that is not included in the reviewed skill artifacts.
Why it was flagged
The runnable provider is installed from PyPI using a version range, while the skill package itself contains no code. This is central to the purpose and includes verification steps, but users should verify the external package.
Skill content
python -m pip install --upgrade "cascadeflow[openclaw]>=0.7,<0.8"
Recommendation
Install from the documented upstream source only, review the PyPI/GitHub package, and pin an exact version and hash where possible.
What this means
These keys can spend money or access provider accounts if mishandled.
Why it was flagged
The skill expects sensitive provider API keys and service auth tokens. This is purpose-aligned for an LLM provider, but registry metadata declares no required credentials.
Skill content
Provider key(s): `ANTHROPIC_API_KEY=...` and/or `OPENAI_API_KEY=...` ... Service tokens: `--auth-token ...` and `--stats-auth-token ...`
Recommendation
Use separate least-privilege/test keys, keep them out of source control, and rotate tokens if exposed.
What this means
Sensitive prompt content or metadata may be processed by the local CascadeFlow service and the configured LLM provider.
Why it was flagged
The data flow is disclosed and purpose-aligned, but user prompts and routing metadata pass through CascadeFlow and selected upstream model providers.
Skill content
OpenClaw sends requests to CascadeFlow through OpenAI-compatible `/v1/chat/completions`. CascadeFlow reads prompt context plus OpenClaw-native event/domain metadata
Recommendation
Avoid sending secrets in prompts, keep the service on localhost when possible, and use TLS plus strong tokens for any remote deployment.
What this means
OpenClaw cost displays or routing assumptions may not reflect actual OpenAI/Anthropic billing.
Why it was flagged
The example OpenClaw provider config declares zero model cost even though the setup uses paid upstream provider keys. This may be a placeholder, but users should not interpret it as free usage.
Skill content
"cost": {"input": 0, "output": 0, "cacheRead": 0, "cacheWrite": 0}Recommendation
Monitor upstream provider billing and CascadeFlow stats, and adjust local cost accounting if OpenClaw uses these fields for budgeting.
What this means
A background provider process may continue using API keys or serving requests until stopped.
Why it was flagged
The documentation includes an optional background mode that can leave the provider running after the setup command returns. It is disclosed and user-directed, not hidden persistence.
Skill content
nohup cascadeflow-gateway --port 8084 --mode agent --config examples/configs/anthropic-only.yaml > /tmp/cf.log 2>&1 &
Recommendation
Run in foreground during testing, know how to stop the process, and restrict network exposure before using background mode.