All articles

Run Skim from AWS AgentCore

One tool file, one secret, clean web reads from any hosted agent.

Amazon Bedrock AgentCore is AWS's managed home for production agents: you write agent code in the framework of your choice — Strands, LangChain and LangGraph, CrewAI, OpenAI's Agents SDK — and AgentCore Runtime hosts it in a serverless container with identity, memory, and observability handled for you. AWS is also a member of the x402 Foundation, and CloudFront can now charge agents for content over x402 — so an agent on AWS that pays per call is not exotic; it is where the platform is heading.

Giving an AgentCore agent clean web reads via Skim takes one tool file and one secret. No AgentCore Gateway target, no OAuth provider, no API key rotation — Skim has no accounts to integrate with. The tool pays $0.002 per read in USDC over x402, straight from a wallet you control.

1. Write the tool

AWS's own tutorials use Strands, so here is the Strands version. The payment-aware session comes from the official x402 Python SDK; everything else is a normal tool definition.

# skim_tool.py — a paid web-read tool for a Strands agent
# pip install strands-agents "x402[evm]" requests eth-account
import os
import requests
from strands import tool
from x402 import x402ClientSync
from x402.client import max_amount
from x402.http.clients.requests import wrapRequestsWithPayment
from x402.mechanisms.evm.exact.register import register_exact_evm_client
from x402.mechanisms.evm.signers import EthAccountSigner
from eth_account import Account

account = Account.from_key(os.environ["SKIM_WALLET_PRIVATE_KEY"])
_client = x402ClientSync()
register_exact_evm_client(
    _client,
    EthAccountSigner(account),
    # Per-call cap in USDC atomic units (6 decimals).
    # 20_000 = $0.02 covers every Skim endpoint.
    policies=[max_amount(20_000)],
)
session = wrapRequestsWithPayment(requests.Session(), _client)


@tool
def skim_read_url(url: str) -> dict:
    """Fetch any web page and return clean Markdown plus metadata.

    Strips ads, navigation, scripts, and trackers. Costs $0.002 in
    USDC, paid automatically over x402. Use whenever you need to
    read, summarize, or analyze a URL.

    Args:
        url: Absolute https URL of the page to read.
    """
    r = session.post(
        "https://skim402.com/api/v1/read",
        json={"url": url},
        timeout=30,
    )
    r.raise_for_status()
    return r.json()

2. Hand it to the agent

# agent.py — the AgentCore entrypoint
from strands import Agent
from skim_tool import skim_read_url

agent = Agent(
    system_prompt="You are a research assistant that reads the live web.",
    tools=[skim_read_url],
)

Deploying is unchanged from any AgentCore project: scaffold and ship with the AgentCore CLI per AWS's getting-started guide. The Skim tool adds three pip dependencies and one environment variable to that flow.

3. Keep the key out of the container

The wallet's private key belongs in a managed secret, not in your image or your repository. Store it in AWS Secrets Manager or Parameter Store and inject it as the SKIM_WALLET_PRIVATE_KEY environment variable at deploy time. Two habits keep this boring: use a dedicated wallet that exists only to pay for reads, and keep only a small float in it — a few dollars of USDC on Base covers thousands of pages. The key is only ever used to sign transfer authorizations locally inside your container; it is never sent to Skim or anyone else.

Already on LangChain, CrewAI, or LlamaIndex?

AgentCore hosts those frameworks too, and Skim publishes official connectors for each — the tool above already written, tested, and on PyPI:

# Using LangChain / LangGraph inside AgentCore instead?
pip install langchain-skim        # LangChain / LangGraph
pip install crewai-skim           # CrewAI
pip install llama-index-readers-skim  # LlamaIndex

# Each ships a ready-made tool that reads
# SKIM_WALLET_PRIVATE_KEY from the environment:
from langchain_skim import SkimReader
reader = SkimReader()

A note on AgentCore Gateway

If your team routes all tools through AgentCore Gateway, you might look for a Skim "target" to configure. There isn't one to set up, and that is the point: Gateway targets exist to manage the credentials of services that need them — OAuth flows, API keys, signed requests. Skim has no credentials to manage. The payment is the authentication, and it lives inside the tool call itself. Run the tool directly in your agent code and skip the ceremony.

Full API reference and response shapes are in the docs, and if the agent's wallet is the last missing piece, the wallet setup guide covers it in five minutes.