Curriculum Designer
PassAudited by ClawScan on May 1, 2026.
Overview
The skill is broadly aligned with curriculum creation, but users should notice its local API key use, persistent checkpoints, fixed Google Sheet output folder, and reliance on a helper script outside the provided files.
This skill appears reasonable for creating curricula, but before installing or running it, verify the referenced helper script, use a restricted YouTube API key, confirm the Google Drive output folder and sharing settings, and periodically delete old checkpoint files.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the script is run, part of its behavior depends on local helper code that is not packaged with this skill.
Running the included script would execute helper code from outside the provided skill files; the manifest only lists SKILL.md and curriculum-designer.sh, so that helper is not included in the reviewed artifacts.
source "$SCRIPT_DIR/../../scripts/checkpoint-helpers.sh"
Verify that the referenced helper is the expected OpenClaw checkpoint helper, or ask the publisher to bundle or clearly document the dependency.
The YouTube API key may consume quota on the associated Google project if the skill performs searches.
The skill asks for a local YouTube Data API key for resource searches. This is aligned with its YouTube research purpose, but it is still credential use the user should notice.
**API Keys:** Stored locally in `~/.openclaw/workspace/skills/curriculum-designer/.env` ... `YOUTUBE_API_KEY=your_key_here`
Use a restricted YouTube Data API key with appropriate quota limits, and avoid placing broader Google credentials in the .env file.
POD details and curriculum context may remain on disk and stale or modified checkpoint files could influence later outputs.
Checkpoint files persist requirements, research results, and curriculum state, and the workflow trusts those files on reruns.
Each stage saves its output to a checkpoint file ... If checkpoint exists, stage loads it and skips processing
Keep the checkpoint directory private, review checkpoint contents when resuming, and delete old sessions when they are no longer needed.
Generated curriculum content and POD context may be stored in a Google Drive location whose access depends on that folder's permissions.
The workflow intends to write the final output to a Google Sheet in a fixed cloud folder, but the artifacts do not describe that folder's ownership or sharing permissions.
Stage 5 | Create Google Sheet | `final-sheet-url.txt` ... **Output Folder:** `1upJQu-IVmZRJQsNGmJNRzq9IwL67MVL9`
Confirm the Google Drive folder is under the intended account and has appropriate sharing settings before creating final sheets.