DeepRead Agent Self Sign Up
PassAudited by ClawScan on May 1, 2026.
Overview
This skill is a straightforward DeepRead OAuth setup helper, but it creates a live API key that users should protect.
Use this skill only if you intend to authorize an agent for DeepRead. Complete the browser approval yourself, keep DEEPREAD_API_KEY out of source control and logs, prefer a secrets manager over a shell profile for persistence, and avoid uploading sensitive files just to test the key.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Approving the device flow gives the agent a DeepRead API key that can be used to access DeepRead OCR services under the user's account.
This shows the skill intentionally creates and stores a live DeepRead API credential. That is expected for the stated authentication purpose and is user-approved, but the key should be treated as a secret.
Agent receives an `api_key` (prefixed `sk_live_`) and stores it as the `DEEPREAD_API_KEY` environment variable ... Persistence is the **user's choice** — do not automatically write to shell profiles
Approve only if you want this agent connected to DeepRead, store the key in a secrets manager when possible, avoid committing or sharing it, and use a non-sensitive file when testing.