The robot is interesting and I found a few potential security issue while reading the source code.

In code here, openai_api_key is directly printed, this could potentially leak the key as decribed in (CWE-532)[https://cwe.mitre.org/data/definitions/532.html]. The print statement could be redacted or set to be read only?

A similar issue is here, the sensitive data is directly written into local file. A more secure way like setting the file only accessible to the current user or keeping the key in memory-only could be used.