openclaw-knowledge-coach

Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill is coherent and purpose-aligned, but it imports personal documents through a third-party CLI and LLM providers, so users should scope what they ingest and verify the tools they install.

Before installing or using this skill, verify the OpenPraxis package source, use a dedicated API key if a cloud LLM provider is needed, and import only specific files or folders you are comfortable storing in a knowledge base. Avoid secrets and highly sensitive documents unless you understand where the data, generated exercises, review queue, and exports will be stored and how to delete them.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the package gives external code a role in processing local documents.

Why it was flagged

The main workflow depends on installing and running an external package that is not included in the reviewed artifacts.

Skill content

OpenPraxis is on PyPI: use `pip install openpraxis` to get the `praxis` CLI.

Recommendation

Install only from a trusted environment, verify the PyPI package or GitHub repository, and prefer pinned or reviewed versions when handling sensitive documents.

What this means

The agent may process and create files based on local document paths the user provides.

Why it was flagged

The skill directs the agent to run CLI commands that read local files, generate exercises, chain IDs between commands, and export results.

Skill content

Run this sequence when the user asks to import local knowledge and create practice: ... `praxis add "/absolute/path/to/note.md" --type report`

Recommendation

Approve specific files or folders before import, avoid broad paths containing secrets, and review export locations before writing output.

What this means

Using these keys can access paid provider accounts and may incur usage charges.

Why it was flagged

The workflow uses provider API credentials for LLM-backed ingestion or practice generation.

Skill content

export OPENAI_API_KEY="your_key_here" # or ARK_API_KEY / MOONSHOT_API_KEY / DEEPSEEK_API_KEY based on provider

Recommendation

Use least-privilege or dedicated API keys, do not paste secrets into shared chats, and confirm the selected provider before processing private documents.

What this means

Private document content may remain searchable or reusable in future study sessions.

Why it was flagged

The skill intentionally stores and reuses document-derived chunks, exercises, and review data over time.

Skill content

Ingest normalized records into the local OpenClaw knowledge base. ... Build review queue ... Schedule spaced review windows

Recommendation

Import only intended material, exclude secrets or highly sensitive files, and confirm storage, retention, and deletion behavior for the knowledge base.

What this means

Depending on the chosen provider, document-derived prompts or answers may be handled under that provider's policies.

Why it was flagged

The instructions make LLM provider configuration part of the ingestion and practice workflow, so provider data boundaries matter when processing personal documents.

Skill content

Configure provider/model/API key before ingestion/practice: `praxis llm setup`

Recommendation

Choose the provider deliberately, review its privacy and retention settings, and use a local or privacy-preserving provider for sensitive documents.