ClawHub

ReadGZH - WeChat Official Account AI Reader · 微信公众号文章 AI 阅读器

v1.3.6

让 AI 读懂微信公众号。自研 7 阶段提取管线,99.89% 穿透反爬,Token 消耗降低 50–87%。支持 ChatGPT、Claude、Perplexity、Gemini 等平台无缝引用。| Let AI read and understand WeChat Official Accounts. Sel...

2· 425·4 current·5 all-time
by@sweesama
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name, description, and included openapi.yaml all describe a cloud-based WeChat article scraping/reading API. The skill does not request unrelated credentials, binaries, or local system access — the declared capabilities align with the resources it references (api.readgzh.site).
Instruction Scope
The SKILL.md instructs the agent to ask the service to read WeChat article URLs and provides API endpoints. It does not instruct reading local files or environment variables. Significant behavioral notes: the service advertises a permanent, global shared cache of converted articles and a CDN image proxy — meaning content you send may be stored and served to other users indefinitely.
Install Mechanism
Instruction-only skill with no install spec and no code files executed locally. No on-disk installation or third-party downloads are requested by the skill package.
Credentials
The skill declares no required environment variables or credentials. The included OpenAPI docs, however, describe an optional API key (format 'Authorization: Bearer sk_live_...') and allow the key to be passed as a URL parameter (?key=...). This is optional but worth noting: using keys in query parameters risks leakage via server logs, referer headers, or shared URLs. No other unrelated credentials are requested.
Persistence & Privilege
The skill itself does not request persistent agent privileges (always:false). However, the service's business model (shared, permanent cache and CDN proxy) means user-submitted content may be persisted and publicly accessible by other users/agents. That's a remote persistence/privacy issue (not a local privilege escalation), and users should assume content sent to the API may become public.
Assessment
This skill is coherent with its stated purpose, but before you use it consider: 1) Anything you send (WeChat article URLs or content) may be scraped, cached permanently, and become accessible to others — avoid sending private, paywalled, or copyrighted content you don't want shared. 2) If you obtain an API key, avoid placing it in URL query parameters (the OpenAPI allows ?key=...) because that can leak to logs or referers; prefer Authorization headers. 3) Check the service's terms/privacy (https://readgzh.site/terms) and trustworthiness before sending sensitive material. 4) If legal/compliance or copyright is a concern, consider hosting your own scraping/processing or using an alternative that does not persist shared caches.

Like a lobster shell, security has layers — review code before you run it.

aivk97dz26ynpzknefqb7k114jvms82kqn5chinavk97dz26ynpzknefqb7k114jvms82kqn5latestvk973y6v2k5ky2y06582zr79ws183hnrsreadingvk97dz26ynpzknefqb7k114jvms82kqn5scrapingvk97dz26ynpzknefqb7k114jvms82kqn5wechatvk97dz26ynpzknefqb7k114jvms82kqn5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments