Skill v1.1.0
ClawScan security
DeepRead Form Fill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 31, 2026, 4:16 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and required credential (DEEPREAD_API_KEY) are consistent with its stated purpose (upload PDFs + JSON to DeepRead's API and retrieve filled PDFs); nothing in the package suggests hidden or unrelated behavior.
- Guidance: This package appears internally consistent and implements a simple client for DeepRead's form-fill API. Before using it, consider:
  1. Trust and privacy: uploaded PDFs may contain sensitive PII, so verify DeepRead's privacy, retention, and encryption policies.
  2. API key handling: treat DEEPREAD_API_KEY like any secret (use least-privilege / rotate keys and avoid embedding keys in shared environments).
  3. Webhook caution: if you provide a webhook_url, results (including filled PDFs and reports) will be POSTed to that URL, so ensure the endpoint is HTTPS and validates requests to avoid accidental data exposure.
  4. Verify provider: the package points to deepread.tech and a GitHub repo URL; if you need stronger assurance, inspect the upstream repository and privacy docs or test with non-sensitive sample forms first.

  The included scripts contact only api.deepread.tech and do not access other system secrets.
Review Dimensions
- Purpose & Capability: ok. Name/description match the requested environment variable and included code. The package and SKILL.md only describe interactions with api.deepread.tech and require DEEPREAD_API_KEY, exactly what a hosted form-fill service would need.
- Instruction Scope: ok. SKILL.md and the provided scripts only instruct uploading a PDF and JSON fields, polling the job endpoint, and optionally setting a webhook_url. They do not instruct reading unrelated files, secrets, or system state. The webhook option legitimately posts results to a user-supplied URL (documented).
- Install Mechanism: ok. No install spec; this is instruction-plus-reference-implementations only. No downloads or archive extraction. Low installation risk.
- Credentials: ok. Only DEEPREAD_API_KEY is required and is clearly the primary credential for the described API calls. No unrelated credentials, config paths, or excessive env variables are requested.
- Persistence & Privilege: ok. "always" is false and "disable-model-invocation" is true (the skill will not be autonomously invoked by the model). The skill does not request persistent system privileges or modify other skills' configs.
