ClawHub

ReadGZH -- 微信公众号文章 AI 阅读器

Security checks across malware telemetry and agentic risk

Overview

ReadGZH is a disclosed cloud connector for reading WeChat articles, with real privacy cautions because submitted links and converted content may be cached globally.

Install only if you are comfortable sending WeChat article links, request metadata, and any ReadGZH API key to ReadGZH's cloud service. Do not use it for private, tokenized, internal, regulated, or sensitive links because converted content may be permanently cached and visible to other users.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (18)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The README suggests a natural-language trigger phrase ('帮我读一下这篇文章...') that is very broad and overlaps with normal user conversation. In agent environments, overly generic invocation phrasing can cause accidental tool activation on ordinary chat content, leading to unintended fetching of external URLs and content processing without clear user intent.

Missing User Warnings

High
Confidence
97% confidence
Finding
The README explicitly states that article content is fetched through a server-side proxy and that converted articles are permanently cached and globally shared, but it does not prominently warn users about the privacy and data-retention implications. This can expose article URLs, contents, and access patterns to a third-party service and retain potentially sensitive material indefinitely.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The Chinese invocation example uses a very generic phrase ('help me read this WeChat article') that overlaps with normal assistant requests. In agent ecosystems where skills are auto-selected from natural language, this can cause the skill to activate unexpectedly and send user-supplied URLs to the external service without sufficiently explicit user intent for this specific integration.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The English invocation example is similarly broad and looks like an ordinary assistant prompt rather than a constrained skill trigger. This increases the chance of unintended skill invocation and external transmission of article URLs or related context to the service when the user may not realize a third-party tool is being used.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# 方式一:GET 直接抓取(推荐 AI 使用)
curl "https://api.readgzh.site/rd?url=https://mp.weixin.qq.com/s/xxxxx" \
  -H "Authorization: Bearer <YOUR_API_KEY>"

# 方式二:POST 抓取并缓存
Confidence
90% confidence
Finding
curl "https://api.readgzh.site/rd?url=https://mp.weixin.qq.com/s/xxxxx" \ -H "Authorization: Bearer <YOUR_API_KEY>" # 方式二:POST 抓取并缓存 curl -X POST "https://api.readgzh.site/rd" \ -H "Content-Type:

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Method 1: GET direct fetch (recommended for AI)
curl "https://api.readgzh.site/rd?url=https://mp.weixin.qq.com/s/xxxxx" \
  -H "Authorization: Bearer <YOUR_API_KEY>"

# Method 2: POST scrape and cache
Confidence
90% confidence
Finding
curl "https://api.readgzh.site/rd?url=https://mp.weixin.qq.com/s/xxxxx" \ -H "Authorization: Bearer <YOUR_API_KEY>" # Method 2: POST scrape and cache curl -X POST "https://api.readgzh.site/rd" \

External Transmission

Medium
Category
Data Exfiltration
Content
{
  "mcpServers": {
    "readgzh": {
      "url": "https://api.readgzh.site/mcp-server"
    }
  }
}
Confidence
88% confidence
Finding
https://api.readgzh.site/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# 方式一:GET 直接抓取(推荐 AI 使用)
curl "https://api.readgzh.site/rd?url=https://mp.weixin.qq.com/s/xxxxx" \
  -H "Authorization: Bearer <YOUR_API_KEY>"

# 方式二:POST 抓取并缓存
Confidence
90% confidence
Finding
https://api.readgzh.site/

External Transmission

Medium
Category
Data Exfiltration
Content
-H "Authorization: Bearer <YOUR_API_KEY>"

# 方式二:POST 抓取并缓存
curl -X POST "https://api.readgzh.site/rd" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://mp.weixin.qq.com/s/xxxxx"}'
Confidence
91% confidence
Finding
https://api.readgzh.site/

External Transmission

Medium
Category
Data Exfiltration
Content
-d '{"url": "https://mp.weixin.qq.com/s/xxxxx"}'

# 读取已缓存文章(Markdown 格式)
curl "https://api.readgzh.site/rd?s=article-slug&format=text" \
  -H "Authorization: Bearer <YOUR_API_KEY>"

# 长文分页读取(第 2 部分)
Confidence
85% confidence
Finding
https://api.readgzh.site/

External Transmission

Medium
Category
Data Exfiltration
Content
-H "Authorization: Bearer <YOUR_API_KEY>"

# 长文分页读取(第 2 部分)
curl "https://api.readgzh.site/rd?s=article-slug&part=2" \
  -H "Authorization: Bearer <YOUR_API_KEY>"

# AI 智能摘要(Pro 专属)
Confidence
84% confidence
Finding
https://api.readgzh.site/

External Transmission

Medium
Category
Data Exfiltration
Content
-H "Authorization: Bearer <YOUR_API_KEY>"

# AI 智能摘要(Pro 专属)
curl "https://api.readgzh.site/rd?s=article-slug&mode=summary" \
  -H "Authorization: Bearer <YOUR_API_KEY>"
```
Confidence
87% confidence
Finding
https://api.readgzh.site/

External Transmission

Medium
Category
Data Exfiltration
Content
{
  "mcpServers": {
    "readgzh": {
      "url": "https://api.readgzh.site/mcp-server"
    }
  }
}
Confidence
88% confidence
Finding
https://api.readgzh.site/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Method 1: GET direct fetch (recommended for AI)
curl "https://api.readgzh.site/rd?url=https://mp.weixin.qq.com/s/xxxxx" \
  -H "Authorization: Bearer <YOUR_API_KEY>"

# Method 2: POST scrape and cache
Confidence
90% confidence
Finding
https://api.readgzh.site/

External Transmission

Medium
Category
Data Exfiltration
Content
-H "Authorization: Bearer <YOUR_API_KEY>"

# Method 2: POST scrape and cache
curl -X POST "https://api.readgzh.site/rd" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://mp.weixin.qq.com/s/xxxxx"}'
Confidence
91% confidence
Finding
https://api.readgzh.site/

External Transmission

Medium
Category
Data Exfiltration
Content
-d '{"url": "https://mp.weixin.qq.com/s/xxxxx"}'

# Read cached article (Markdown format)
curl "https://api.readgzh.site/rd?s=article-slug&format=text" \
  -H "Authorization: Bearer <YOUR_API_KEY>"

# Paginated reading (part 2 of long article)
Confidence
85% confidence
Finding
https://api.readgzh.site/

External Transmission

Medium
Category
Data Exfiltration
Content
-H "Authorization: Bearer <YOUR_API_KEY>"

# Paginated reading (part 2 of long article)
curl "https://api.readgzh.site/rd?s=article-slug&part=2" \
  -H "Authorization: Bearer <YOUR_API_KEY>"

# AI summary (Pro only)
Confidence
84% confidence
Finding
https://api.readgzh.site/

External Transmission

Medium
Category
Data Exfiltration
Content
-H "Authorization: Bearer <YOUR_API_KEY>"

# AI summary (Pro only)
curl "https://api.readgzh.site/rd?s=article-slug&mode=summary" \
  -H "Authorization: Bearer <YOUR_API_KEY>"
```
Confidence
87% confidence
Finding
https://api.readgzh.site/

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal