ClawHub

DeepRead Agent Self Sign Up

v2.1.0

Authenticate AI agents with the DeepRead OCR API using OAuth device flow. The agent displays a code, the user approves it in their browser, and the agent rec...

2· 691·2 current·2 all-time
byDeepRead.tech@uday390
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included code and instructions: both Python and shell implementations perform the OAuth 2.0 device flow against api.deepread.tech and return an api_key. One minor mismatch: the shell examples/scripts require curl and jq but the skill's declared required binaries list is empty.
Instruction Scope
SKILL.md and the code instruct only calls to api.deepread.tech endpoints and local environment variable setting. The instructions do not request or read unrelated system files, secrets, or external endpoints.
Install Mechanism
No install spec is present (instruction-only). Two helper scripts are included but nothing is downloaded from arbitrary URLs and no archive extraction occurs.
Credentials
The skill requests no credentials and only produces a single environment variable (DEEPREAD_API_KEY) as expected for its purpose. There are no extra or unrelated env vars or config paths requested.
Persistence & Privilege
always is false and model invocation is disabled (disable-model-invocation: true). The skill does not attempt to persist keys automatically or modify other skills or global agent settings.
Assessment
This skill appears to do exactly what it says: run the OAuth device flow against api.deepread.tech and set DEEPREAD_API_KEY for the current session. Before installing: ensure you trust the deepread.tech domain and want to grant it an API key; note the shell script requires curl and jq (not declared), and the Python script sets the env var only inside its process (to get an exported variable in your interactive shell, source the shell script). The code does not exfiltrate data to other endpoints and does not request unrelated credentials, but treat the returned sk_live_* key as sensitive and store it in a secrets manager if you persist it.

Like a lobster shell, security has layers — review code before you run it.

latestvk9782v53rad7c5kwee5r1wgdz983zrpc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments