DeepRead BYOK

Security checks across malware telemetry and agentic risk

Overview

This instruction-only DeepRead BYOK skill is coherent and disclosed, but users should understand it involves API keys, provider billing, document uploads, and an optional separate setup skill.

This skill appears safe to install as an instruction-only guide, but treat it as a credentialed third-party integration: use limited API keys where possible, set budget limits, review DeepRead and provider data policies, and separately review the optional OAuth setup skill before installing it.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Medium
What this means

Your provider account may be billed for document processing, and the connected key could have significant account authority depending on how it is scoped.

Why it was flagged

The skill requires use of a DeepRead API key and asks the user to connect a provider API key, which gives DeepRead/provider-side workflows billing and processing authority under the user's account.

Skill content
Use your own OpenAI, Google, or OpenRouter API key for all DeepRead document processing. Your key, your billing, zero DeepRead LLM costs.
Recommendation

Use a restricted provider key if available, set spending limits, monitor provider usage, and delete or rotate the key if you stop using BYOK.

ASI07: Insecure Inter-Agent Communication
Low
What this means

Documents you process may leave your local environment and be handled by DeepRead and the selected model provider.

Why it was flagged

The documented workflow sends local documents to DeepRead's API for processing, and BYOK routes LLM usage through the user's provider account.

Skill content

```bash
curl -X POST https://api.deepread.tech/v1/process \
  -H "X-API-Key: $DR_API_KEY" \
  -F "file=@document.pdf"
```
Recommendation

Only process documents you are comfortable sending to DeepRead and the chosen provider, and review their data handling policies for sensitive or regulated files.

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

Installing the separate setup skill may grant additional authentication-related capabilities that were not reviewed here.

Why it was flagged

The reviewed skill is instruction-only, but it points users to install a separate setup skill that is not included in the provided artifacts.

Skill content
For automated agent setup with OAuth device flow, install the dedicated skill:

```bash
clawhub install uday390/deepread-agent-setup
```
Recommendation

Review the separate deepread-agent-setup skill and its requested permissions before installing it.