Description

Authenticate AI agents with the DeepRead OCR API using OAuth device flow. The agent displays a code, the user approves it in their browser, and the agent rec...

README (SKILL.md)

DeepRead Agent Setup

Name: DeepRead Agent Self Sign Up
Author: uday390

Authenticate AI agents with the DeepRead OCR API using the OAuth 2.0 Device Authorization Flow (RFC 8628). After setup, the agent has a DEEPREAD_API_KEY environment variable and can use the DeepRead OCR skill.

How It Works

The device flow lets headless agents (no browser) authenticate securely:

Agent requests device code  →  User opens URL in browser  →  User approves  →  Agent receives API key

Agent calls POST https://api.deepread.tech/v1/agent/device/code to get a device_code and user_code
Agent displays the user_code and a verification URL to the user
User opens the URL in their browser, logs in, and enters the code
Agent polls POST https://api.deepread.tech/v1/agent/device/token until the user approves
Agent receives an api_key (prefixed sk_live_) and stores it as the DEEPREAD_API_KEY environment variable

Only domain contacted: api.deepread.tech

Prerequisites

A DeepRead account (free at https://www.deepread.tech/dashboard/?utm_source=clawdhub)
Internet access to reach api.deepread.tech

Setup Instructions

Step 1: Request a Device Code

curl -s -X POST https://api.deepread.tech/v1/agent/device/code \
  -H "Content-Type: application/json" \
  -d '{"agent_name": "my-ai-agent"}'

The agent_name field is optional — it is shown on the approval screen so the user knows which agent is requesting access.

Response:

{
  "device_code": "GmRhmhcxhZAzk...EeNu5OfKhL79MQgN",
  "user_code": "WDJB-MJHT",
  "verification_uri": "https://www.deepread.tech/activate",
  "verification_uri_complete": "https://www.deepread.tech/activate?code=WDJB-MJHT",
  "expires_in": 900,
  "interval": 5
}

Tell the user (using the values from the response — they change every time):

Open {verification_uri} and enter code {user_code}

Or open this direct link: {verification_uri_complete}

Step 2: Poll for Approval

Poll every interval seconds (default: 5) until the user approves:

curl -s -X POST https://api.deepread.tech/v1/agent/device/token \
  -H "Content-Type: application/json" \
  -d '{"device_code": "GmRhmhcxhZAzk...EeNu5OfKhL79MQgN"}'

While waiting (user hasn't approved yet):

{
  "error": "authorization_pending",
  "api_key": null,
  "key_prefix": null
}

After user approves:

{
  "error": null,
  "api_key": "sk_live_abc123def456...",
  "key_prefix": "sk_live_abc123de"
}

The api_key is returned exactly once. The next poll after retrieval will return expired_token. Save it immediately.

If user denied:

{
  "error": "access_denied",
  "api_key": null,
  "key_prefix": null
}

If code expired (15 minutes):

{
  "error": "expired_token",
  "api_key": null,
  "key_prefix": null
}

Step 3: Store the API Key

Once you receive the api_key, set it for the current session:

export DEEPREAD_API_KEY="\x3Capi_key from response>"

To persist across sessions, the user should choose one of these options:

Method	Command	Security
Secrets manager (recommended)	Use your OS keychain, 1Password CLI, or `pass`	Encrypted at rest
Shell profile	User manually adds `export DEEPREAD_API_KEY="..."` to `~/.zshrc`	Plaintext file — readable by local processes

Important:

The agent should set the env var for the current session only (export)
Persistence is the user's choice — do not automatically write to shell profiles
Never commit the key to source control or write it to project files
The key prefix sk_live_ confirms it is a valid DeepRead production key

Step 4: Verify the Key Works

Submit a test document to confirm the key is valid:

curl -s -X POST https://api.deepread.tech/v1/process \
  -H "X-API-Key: $DEEPREAD_API_KEY" \
  -F "[email protected]"

A successful response returns a job ID confirming the key works:

{
  "id": "550e8400-e29b-41d4-a716-446655440000",
  "status": "queued"
}

If the key is invalid you will get a 401 Unauthorized response.

Complete Flow (All Steps)

#!/bin/bash
# DeepRead Device Flow — complete example

# 1. Request device code
RESPONSE=$(curl -s -X POST https://api.deepread.tech/v1/agent/device/code \
  -H "Content-Type: application/json" \
  -d '{"agent_name": "my-ai-agent"}')

DEVICE_CODE=$(echo "$RESPONSE" | jq -r '.device_code')
USER_CODE=$(echo "$RESPONSE" | jq -r '.user_code')
VERIFY_URI=$(echo "$RESPONSE" | jq -r '.verification_uri')
VERIFY_URI_COMPLETE=$(echo "$RESPONSE" | jq -r '.verification_uri_complete')
INTERVAL=$(echo "$RESPONSE" | jq -r '.interval')

echo "Open $VERIFY_URI and enter code: $USER_CODE"
echo "Or open directly: $VERIFY_URI_COMPLETE"

# 2. Poll for token
while true; do
  TOKEN_RESPONSE=$(curl -s -X POST https://api.deepread.tech/v1/agent/device/token \
    -H "Content-Type: application/json" \
    -d "{\"device_code\": \"$DEVICE_CODE\"}")

  ERROR=$(echo "$TOKEN_RESPONSE" | jq -r '.error // empty')

  if [ -z "$ERROR" ]; then
    export DEEPREAD_API_KEY=$(echo "$TOKEN_RESPONSE" | jq -r '.api_key')
    echo "Authenticated. DEEPREAD_API_KEY is set for this session."
    break
  elif [ "$ERROR" = "authorization_pending" ]; then
    sleep "$INTERVAL"
  elif [ "$ERROR" = "slow_down" ]; then
    INTERVAL=$((INTERVAL + 5))
    sleep "$INTERVAL"
  else
    echo "Error: $ERROR"
    exit 1
  fi
done

Endpoints Used

Endpoint	Method	Auth	Purpose
`https://api.deepread.tech/v1/agent/device/code`	POST	None	Request device code + user code
`https://api.deepread.tech/v1/agent/device/token`	POST	None	Poll for API key after user approval
`https://www.deepread.tech/activate`	—	Browser	User opens this URL to enter the code and approve

No other endpoints are contacted by this skill.

Troubleshooting

"authorization_pending" keeps repeating

The user hasn't approved yet. Keep polling. The code expires after 15 minutes (expires_in: 900).

"expired_token"

The device code expired before the user approved, or the API key was already retrieved (one-time retrieval). Start over from Step 1.

"slow_down"

You're polling too fast. Increase the polling interval by 5 seconds.

"access_denied"

The user clicked Deny on the approval screen. Start over from Step 1 if the user wants to retry.

Key doesn't work after export

Ensure the shell session was not restarted. If persisting to ~/.zshrc, run source ~/.zshrc to reload.

"DEEPREAD_API_KEY not set"

The environment variable was not persisted. Re-run the device flow or manually set:

export DEEPREAD_API_KEY="sk_live_your_key_here"

Security Notes

The device flow follows RFC 8628
The user_code is short-lived (15 minutes) and single-use
The api_key is returned exactly once — subsequent polls return expired_token
All communication is over HTTPS
The agent sets DEEPREAD_API_KEY for the current session only — it does not write to disk
For long-term storage, prefer a secrets manager (OS keychain, 1Password CLI, pass) over plaintext shell profiles
Never commit the key to source control or write it to project files
The agent never sees the user's password

Support

Dashboard: https://www.deepread.tech/dashboard
Issues: https://github.com/deepread-tech/deep-read-service/issues
Email: [email protected]

Related DeepRead Skills

deepread-ocr — Extract text and structured JSON from documents — clawhub install uday390/deepread-ocr
deepread-form-fill — Fill any PDF form with AI vision — clawhub install uday390/deepread-form-fill
deepread-pii — Redact 14 types of PII from documents — clawhub install uday390/deepread-pii
deepread-agent-setup — Authenticate via OAuth device flow (this skill) — clawhub install uday390/deepread-agent-setup
deepread-byok — Bring Your Own Key for zero LLM costs — clawhub install uday390/deepread-byok

Usage Guidance

This skill appears to do exactly what it says: run the OAuth device flow against api.deepread.tech and set DEEPREAD_API_KEY for the current session. Before installing: ensure you trust the deepread.tech domain and want to grant it an API key; note the shell script requires curl and jq (not declared), and the Python script sets the env var only inside its process (to get an exported variable in your interactive shell, source the shell script). The code does not exfiltrate data to other endpoints and does not request unrelated credentials, but treat the returned sk_live_* key as sensitive and store it in a secrets manager if you persist it.

Capability Analysis

Type: OpenClaw Skill Name: deepread-agent-setup Version: 2.1.0 The skill bundle implements a standard OAuth 2.0 Device Authorization Flow (RFC 8628) to authenticate an AI agent with the DeepRead OCR API. It communicates exclusively with api.deepread.tech to obtain an API key and explicitly avoids automatic persistence to disk, leaving that choice to the user. The code in device_flow.sh and device_flow.py is transparent, well-documented, and lacks any indicators of data exfiltration or malicious execution.

Capability Assessment

ℹ Purpose & Capability

Name/description match the included code and instructions: both Python and shell implementations perform the OAuth 2.0 device flow against api.deepread.tech and return an api_key. One minor mismatch: the shell examples/scripts require curl and jq but the skill's declared required binaries list is empty.

✓ Instruction Scope

SKILL.md and the code instruct only calls to api.deepread.tech endpoints and local environment variable setting. The instructions do not request or read unrelated system files, secrets, or external endpoints.

✓ Install Mechanism

No install spec is present (instruction-only). Two helper scripts are included but nothing is downloaded from arbitrary URLs and no archive extraction occurs.

✓ Credentials

The skill requests no credentials and only produces a single environment variable (DEEPREAD_API_KEY) as expected for its purpose. There are no extra or unrelated env vars or config paths requested.

✓ Persistence & Privilege

always is false and model invocation is disabled (disable-model-invocation: true). The skill does not attempt to persist keys automatically or modify other skills or global agent settings.

Version History

v2.1.0

Added cross-links to all DeepRead skills (OCR, form-fill, PII, BYOK).

v2.0.4

## Version 2.0.4 Changelog - No file changes detected in this release. - Documentation, endpoints, and skill behavior remain unchanged.

v2.0.3

- Clarified that when instructing the user to approve, agents should show the actual values from the API response (`{verification_uri}`, `{user_code}`) instead of hard-coded examples. - No changes to functionality or code: documentation update only.

v2.0.2

- Refined API key storage: agent now only sets DEEPREAD_API_KEY for the current session and does not persist it to disk; users are advised to manually persist via secrets manager or shell profile if desired. - Updated documentation to clarify security best practices and user responsibilities for API key persistence. - Improved guidance on environment variable handling and made explicit the agent’s behavior regarding persistence. - Adjusted OpenClaw metadata to reflect actual environment variable output. - No changes to endpoints or device flow logic.

v2.0.1

Updated skills latest version.

v2.0.0

Version 2.0.0 of deepread-agent-setup is a major update that simplifies the agent authentication process using industry-standard device authorization. - Migrates agent authentication to OAuth 2.0 Device Authorization Flow (RFC 8628) for greater security and standardization. - Adds clear, concise documentation and full setup instructions for device flow authentication. - Introduces new example scripts: device_flow.py (Python) and device_flow.sh (bash). - DEEPREAD_API_KEY is now stored solely as an environment variable, with explicit security best practices. - All legacy and manual API references updated to reflect the new device flow and endpoint changes. - Improved troubleshooting and support documentation.

v1.0.5

Fix display name, bold all section headings, remove extra space after API Overview and Pricing headings

v1.0.4

Consistent UI: all section headings are h1 bold/big, all body text is normal weight, consistent spacing between every section

v1.0.3

Fix Agent Self-Signup table spacing, upgrade all section headings to h1 for bold/bigger rendering, add spacing throughout all sections

v1.0.2

Fix UI: add spacing between headings and tables in Supported Platforms and API Overview sections, separate Base URL and Auth lines, bold table headers

v1.0.0

- Initial release of DeepRead OCR Agent Self-Signup skill. - Enables zero-friction agent signup with device authorization—no dashboard or copy/paste required. - Provides 97%+ OCR accuracy via multi-model consensus and human-in-the-loop review. - Includes free tier: 2,000 pages/month, no credit card needed. - Supports major AI coding agents with clear setup and API usage instructions.

Metadata

Slug deepread-agent-setup

Version 2.1.0

License MIT-0

All-time Installs 2

Active Installs 2

Total Versions 11

Frequently Asked Questions

What is DeepRead Agent Self Sign Up?

Authenticate AI agents with the DeepRead OCR API using OAuth device flow. The agent displays a code, the user approves it in their browser, and the agent rec... It is an AI Agent Skill for Claude Code / OpenClaw, with 782 downloads so far.

How do I install DeepRead Agent Self Sign Up?

Run "/install deepread-agent-setup" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is DeepRead Agent Self Sign Up free?

Yes, DeepRead Agent Self Sign Up is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does DeepRead Agent Self Sign Up support?

DeepRead Agent Self Sign Up is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created DeepRead Agent Self Sign Up?

It is built and maintained by DeepRead.tech (@uday390); the current version is v2.1.0.

More Skills

DeepRead Agent Self Sign Up