openclaw-knowledge-coach

This skill appears to do what it says (ingest local files and generate practice items), but be aware of two main issues before installing/using it: 1) Secrets and external providers: The SKILL.md expects LLM API keys (e.g., OPENAI_API_KEY) even though the registry metadata lists none. Supplying those keys will permit the 'praxis' CLI to send your local document contents to external LLM providers. If your files contain sensitive data, consider: (a) using a local/self-hosted LLM provider, (b) redacting sensitive fields before ingesting, or (c) running the tooling in an isolated environment. 2) Vet the dependency: The skill recommends pip installing 'openpraxis' or cloning the GitHub repo. Review the PyPI package source or repository (and its installation scripts) before running pip install, or install into a sandbox/virtualenv. Look for any post-install hooks or network calls in that project. Other practical advice: - Don’t set long-lived credentials in global shell profiles; prefer ephemeral tokens or project-scoped env vars. - Test with non-sensitive sample files first to confirm where data is sent and what telemetry the CLI emits. - If you need stronger assurance, ask the maintainer for an explicit list of data flows (what is uploaded to providers, what is kept local) or run the 'praxis' CLI under network monitoring to confirm behavior. Confidence in this evaluation is medium; additional artifacts that would raise confidence either way are: explicit declared required env vars in the registry metadata, an included install spec, or the openpraxis package source to inspect for network/telemetry behavior.