DeepReader

Pass. Audited by ClawScan on May 10, 2026.

Overview

DeepReader appears to be a coherent web-reading skill that fetches user-shared URLs and saves the extracted content to agent memory, with normal caution needed around automatic URL fetching and persistent memory.

DeepReader looks safe for its stated purpose of reading shared web links, but install it only if you want URL content automatically fetched and saved into agent memory. Be cautious with private or internal URLs, and treat saved webpage content as untrusted reference material.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a message contains a URL, the skill may make a network request to that site and process its returned content.

Why it was flagged

The generic parser fetches arbitrary supplied URLs. This is expected for a web reader, but it means linked sites are contacted from the user's environment.

Skill content

response = requests.get(
    url,
    headers=self._get_headers(),
    timeout=self.timeout,
    allow_redirects=True,
)

Recommendation

Use it for URLs you intend the agent to read, and avoid sending private, internal, or sensitive URLs unless you are comfortable with them being fetched and stored.

What this means

Prompt-injection text or misleading content from a webpage could be saved into memory and influence future agent behavior if later reused without caution.

Why it was flagged

The skill intentionally persists fetched web and social-media content into agent memory. That is disclosed and aligned with the purpose, but the content is untrusted and may later be retrieved as context.

Skill content

Automatically detects URLs in messages, fetches content using specialized parsers, and saves clean Markdown with YAML frontmatter to agent memory.

Recommendation

Treat stored web content as untrusted source material, not instructions. Consider reviewing or clearing ingested memory when processing untrusted links.

What this means

Users have less external context for verifying the publisher, update history, or dependency provenance.

Why it was flagged

The registry metadata does not provide a source repository or homepage for provenance review. The provided code is coherent and the static scan is clean, so this is a supply-chain transparency note rather than a concern.

Skill content

Source: unknown
Homepage: none

Recommendation

Prefer installing from publishers you trust, and verify the package contents and dependencies if provenance matters for your environment.