diff --git a/letta/services/tool_executor/builtin_tool_executor.py b/letta/services/tool_executor/builtin_tool_executor.py
index b2ae6bb8..ea248bf3 100644
--- a/letta/services/tool_executor/builtin_tool_executor.py
+++ b/letta/services/tool_executor/builtin_tool_executor.py
@@ -320,12 +320,21 @@ class LettaBuiltinToolExecutor(ToolExecutor):
             String containing the webpage content in markdown/text format
         """
         import asyncio
+        from urllib.parse import urlparse
 
         import html2text
         import requests
         from readability import Document
         from trafilatura import extract, fetch_url
 
+        # Validate URL scheme - only HTTP and HTTPS are supported
+        parsed_url = urlparse(url)
+        if parsed_url.scheme.lower() not in ("http", "https"):
+            raise ValueError(
+                f"Invalid URL scheme '{parsed_url.scheme}'. Only 'http' and 'https' URLs are supported. "
+                f"Local file paths (file://) and other protocols cannot be fetched."
+            )
+
         # Try exa first
         try:
             from exa_py import Exa