npm - @acedatacloud/skills - Versions diffs - 2026.621.4 → 2026.621.5 - Mend

@acedatacloud/skills 2026.621.4 → 2026.621.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/package.json +1 -1
package/skills/cloudflare/SKILL.md +75 -0
package/skills/figma/SKILL.md +68 -0
package/skills/google-ads/SKILL.md +65 -0
package/skills/google-analytics/SKILL.md +68 -0
package/skills/google-docs/SKILL.md +61 -0
package/skills/google-search-console/SKILL.md +70 -0
package/skills/google-sheets/SKILL.md +75 -0
package/skills/microsoft-excel/SKILL.md +71 -0
package/skills/microsoft-teams/SKILL.md +56 -0
package/skills/microsoft-todo/SKILL.md +58 -0
package/skills/sentry/SKILL.md +80 -0
package/skills/tiktok/SKILL.md +63 -0
package/skills/vercel/SKILL.md +77 -0

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@acedatacloud/skills",
-  "version": "2026.621.4",
+  "version": "2026.621.5",
   "description": "Agent Skills for AceDataCloud AI services — music, image, video generation, LLM chat, web search. Compatible with Claude Code, GitHub Copilot, Gemini CLI, OpenAI Codex, and 30+ AI coding agents.",
   "keywords": [
     "agent-skills",

package/skills/cloudflare/SKILL.md ADDED Viewed

@@ -0,0 +1,75 @@
+---
+name: cloudflare
+description: Manage Cloudflare zones, DNS records, cache purge and Workers via the API v4. Use when the user mentions Cloudflare, a DNS record on a Cloudflare-hosted domain, purging / clearing the CDN cache, a zone's settings, WAF / firewall rules, or listing Workers.
+when_to_use: |
+  Trigger when the user wants to list Cloudflare zones, read or change
+  DNS records, purge the cache, inspect Workers, or review firewall
+  rules. The connector stores a scoped Cloudflare API token; confirm
+  before any write (DNS create/update/delete, cache purge) and prefer
+  the smallest-blast-radius action.
+connections: [cloudflare]
+allowed_tools: [Bash]
+license: Apache-2.0
+metadata:
+  author: acedatacloud
+  version: "1.0"
+---
+Call the **Cloudflare API v4** with `curl + jq`. The user's **scoped** token is
+in `$CLOUDFLARE_API_TOKEN` (optionally `$CLOUDFLARE_ACCOUNT_ID` /
+`$CLOUDFLARE_ZONE_ID`); every call needs `Authorization: Bearer
+$CLOUDFLARE_API_TOKEN`. Base URL: `https://api.cloudflare.com/client/v4`.
+Every response has `{"success": bool, "errors": [...], "result": ...}`. On
+`success:false` show `.errors` verbatim. `403`/`9109` means the token lacks the
+permission for that resource → the user must re-mint the token with the right
+scope (zone DNS edit, cache purge, etc.).
+```bash
+AUTH=(-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN")
+API="https://api.cloudflare.com/client/v4"
+# Zones the token can see
+curl -sS "${AUTH[@]}" "$API/zones" | jq '.result[] | {id, name, status, plan: .plan.name}'
+```
+## DNS records
+```bash
+ZONE="${CLOUDFLARE_ZONE_ID:?set or pick from the zones list}"
+# List (filter with ?type=A&name=foo.example.com)
+curl -sS "${AUTH[@]}" "$API/zones/$ZONE/dns_records?per_page=100" \
+  | jq '.result[] | {id, type, name, content, proxied, ttl}'
+# Create (confirm first)
+curl -sS -X POST "${AUTH[@]}" -H "Content-Type: application/json" \
+  -d '{"type":"CNAME","name":"www","content":"example.com","proxied":true}' \
+  "$API/zones/$ZONE/dns_records" | jq '.success, .result.id'
+# Update PATCH /dns_records/{id} ; delete DELETE /dns_records/{id}
+```
+## Purge cache (confirm first)
+```bash
+# Targeted purge by URL (preferred); use {"purge_everything":true} only if asked
+curl -sS -X POST "${AUTH[@]}" -H "Content-Type: application/json" \
+  -d '{"files":["https://example.com/path"]}' \
+  "$API/zones/$ZONE/purge_cache" | jq '.success'
+```
+## Workers & firewall
+```bash
+ACCT="${CLOUDFLARE_ACCOUNT_ID:?needed for account-scoped resources}"
+curl -sS "${AUTH[@]}" "$API/accounts/$ACCT/workers/scripts" | jq '.result[] | {id, modified_on}'
+# Firewall / WAF custom rules live under /zones/$ZONE/firewall/rules and rulesets.
+```
+## Gotchas
+- Insist on a **scoped API token**, never the legacy Global API Key (the connect
+  form's help says so) — a Global Key can do anything on the account.
+- `proxied:true` = orange-cloud (CDN/WAF on); `false` = DNS-only. Changing it can
+  break TLS/origin expectations — confirm intent.
+- Account-scoped calls (Workers, some analytics) need `$CLOUDFLARE_ACCOUNT_ID`;
+  zone-scoped calls need a zone id (pick from `/zones` if env unset).

package/skills/figma/SKILL.md ADDED Viewed

@@ -0,0 +1,68 @@
+---
+name: figma
+description: Read Figma design files, nodes, rendered images and comments via the Figma REST API. Use when the user mentions Figma, a figma.com file link, implementing a design as code, extracting design tokens / colors / spacing, or summarizing comments on a design.
+when_to_use: |
+  Trigger when the user shares a Figma file URL or wants to read a
+  design — get the document tree / a specific frame, render a node to
+  PNG/SVG to "see" it, extract styles / tokens, or read comments.
+  Read-only. The file key comes from the Figma URL the user pastes.
+connections: [figma]
+allowed_tools: [Bash]
+license: Apache-2.0
+metadata:
+  author: acedatacloud
+  version: "1.0"
+---
+Read **Figma** via `curl + jq`. The user's OAuth bearer token is in
+`$FIGMA_TOKEN`; every call needs `Authorization: Bearer $FIGMA_TOKEN`. Base URL:
+`https://api.figma.com/v1`.
+Failures are `{"status":<code>,"err":"..."}` — show `err` verbatim. `403` means
+the token lacks the scope or the file isn't shared with the user. `404` = bad
+file key.
+The **file key** is the `figma.com/file/<KEY>/...` or `figma.com/design/<KEY>/...`
+segment of a pasted URL. A **node id** is in `?node-id=1-23` (Figma shows `1:23`;
+the API also accepts `1:23`).
+```bash
+F="https://api.figma.com/v1"; AUTH=(-H "Authorization: Bearer $FIGMA_TOKEN")
+# Who am I (account card)
+curl -sS "${AUTH[@]}" "$F/me" | jq '{handle, email}'
+# File document tree (name + top-level frames). Big files: prefer /nodes below.
+curl -sS "${AUTH[@]}" "$F/files/FILE_KEY?depth=2" \
+  | jq '{name, pages: [.document.children[] | {name, frames: [.children[]?.name]}]}'
+```
+## Read specific nodes & render images
+```bash
+KEY="FILE_KEY"
+# Just the nodes you care about (faster than the whole file)
+curl -sS "${AUTH[@]}" "$F/files/$KEY/nodes?ids=1:23,1:45" \
+  | jq '.nodes | to_entries[] | {id: .key, name: .value.document.name, type: .value.document.type}'
+# Render nodes to images — returns temporary CDN URLs (this is the "see it" tool)
+curl -sS "${AUTH[@]}" "$F/images/$KEY?ids=1:23&format=png&scale=2" \
+  | jq '.images'   # { "1:23": "https://...png" }
+```
+For design-to-code, render the frame to PNG (to view) and read its node JSON
+(layout/fills/typography) to extract exact colors, spacing and text.
+## Comments & projects
+```bash
+curl -sS "${AUTH[@]}" "$F/files/FILE_KEY/comments" \
+  | jq '.comments[] | {user: .user.handle, at: .created_at, message}'
+# Team projects → files (needs a team id from the Figma URL /team/<id>/...)
+curl -sS "${AUTH[@]}" "$F/teams/TEAM_ID/projects" | jq '.projects'
+```
+## Gotchas
+- Node ids: Figma URLs use `1-23` (dash); the API wants `1:23` (colon). Convert.
+- `/images` URLs are **temporary** — download/use them promptly, don't store.
+- `depth=` limits tree traversal; omit it only for small files or you'll pull
+  megabytes of node JSON.

package/skills/google-ads/SKILL.md ADDED Viewed

@@ -0,0 +1,65 @@
+---
+name: google-ads
+description: Query Google Ads campaigns, ad groups, keywords and spend via the Google Ads API (GAQL searchStream). Use when the user mentions Google Ads, ad campaigns, ad spend / cost, impressions / clicks / conversions on ads, or campaign performance.
+when_to_use: |
+  Trigger when the user wants Google Ads reporting — list accessible
+  customers, campaign / ad-group / keyword performance, spend and
+  conversions. Read via GAQL. Needs the OAuth token PLUS a platform
+  developer token and a login-customer-id; if those env vars are
+  absent the connector isn't fully provisioned yet — tell the user.
+connections: [google/ads]
+allowed_tools: [Bash]
+license: Apache-2.0
+metadata:
+  author: acedatacloud
+  version: "1.0"
+---
+Query the **Google Ads API** via `curl + jq`. Three credentials are needed:
+- `$GOOGLE_ADS_TOKEN` — the user's OAuth bearer (`adwords` scope) →
+  `Authorization: Bearer $GOOGLE_ADS_TOKEN`
+- `$GOOGLE_ADS_DEVELOPER_TOKEN` — the platform's developer token (injected
+  server-side) → header `developer-token: $GOOGLE_ADS_DEVELOPER_TOKEN`
+- `login-customer-id` — the manager (MCC) id under which calls are made; use the
+  target customer id, or `$GOOGLE_ADS_LOGIN_CUSTOMER_ID` if set (digits only, no
+  dashes).
+> **API version:** the base is `https://googleads.googleapis.com/<vNN>`. Google
+> ships a new `vNN` every ~4 months and retires old ones — set `VER` to the
+> **current** supported version (check developers.google.com/google-ads/api
+> release notes); the example uses `v18`.
+If `$GOOGLE_ADS_DEVELOPER_TOKEN` is empty, the connector isn't fully provisioned —
+say so rather than calling the API (it would 401/DEVELOPER_TOKEN_NOT_APPROVED).
+```bash
+VER="v18"; BASE="https://googleads.googleapis.com/$VER"
+AUTH=(-H "Authorization: Bearer $GOOGLE_ADS_TOKEN" -H "developer-token: $GOOGLE_ADS_DEVELOPER_TOKEN")
+# Customers the OAuth user can access (ids are returned as customers/<id>)
+curl -sS "${AUTH[@]}" "$BASE/customers:listAccessibleCustomers" | jq '.resourceNames'
+```
+## Report with GAQL (searchStream)
+```bash
+CID="1234567890"   # target customer id, digits only
+curl -sS "${AUTH[@]}" -H "login-customer-id: ${GOOGLE_ADS_LOGIN_CUSTOMER_ID:-$CID}" \
+  -H "Content-Type: application/json" -d '{
+  "query":"SELECT campaign.name, metrics.cost_micros, metrics.clicks, metrics.conversions FROM campaign WHERE segments.date DURING LAST_30_DAYS ORDER BY metrics.cost_micros DESC"
+}' "$BASE/customers/$CID/googleAds:searchStream" \
+  | jq '.[].results[]? | {campaign: .campaign.name, cost_usd: (.metrics.costMicros|tonumber/1e6), clicks: .metrics.clicks, conv: .metrics.conversions}'
+```
+GAQL resources: `campaign`, `ad_group`, `ad_group_criterion` (keywords),
+`customer`. Cost is `metrics.cost_micros` (÷ 1,000,000 = account currency).
+## Gotchas
+- **Three headers, not one.** Missing `developer-token` or `login-customer-id`
+  is the #1 cause of 401/403 here.
+- Customer ids are **digits only** in URLs/headers (strip the dashes from
+  `123-456-7890`).
+- `searchStream` returns an array of chunks each with `.results[]` — flatten with
+  `.[].results[]?`.
+- Cost is in **micros** of the account currency; divide by 1e6.

package/skills/google-analytics/SKILL.md ADDED Viewed

@@ -0,0 +1,68 @@
+---
+name: google-analytics
+description: Query Google Analytics 4 (GA4) reports via the Analytics Data API v1 and list properties via the Admin API. Use when the user mentions Google Analytics, GA4, website traffic / sessions / users, top pages or sources, conversions, or a realtime report.
+when_to_use: |
+  Trigger when the user wants GA4 metrics — sessions, users, top
+  pages / channels / countries, conversions, or live realtime users —
+  for one of their GA4 properties. Read-only (`analytics.readonly`).
+  List properties first to get the numeric property id.
+connections: [google/analytics]
+allowed_tools: [Bash]
+license: Apache-2.0
+metadata:
+  author: acedatacloud
+  version: "1.0"
+---
+Query **Google Analytics 4** via `curl + jq`. The user's OAuth bearer token is in
+`$GOOGLE_ANALYTICS_TOKEN` (scope `analytics.readonly`); every call needs
+`Authorization: Bearer $GOOGLE_ANALYTICS_TOKEN`. Two APIs: the **Admin API**
+(`analyticsadmin.googleapis.com/v1beta`) to discover properties, and the **Data
+API** (`analyticsdata.googleapis.com/v1beta`) to run reports.
+Failures are `{"error":{"code","message","status"}}` — show verbatim. `401` =
+re-install.
+```bash
+AUTH=(-H "Authorization: Bearer $GOOGLE_ANALYTICS_TOKEN")
+# List the GA4 properties the user can access (via their account summaries)
+curl -sS "${AUTH[@]}" "https://analyticsadmin.googleapis.com/v1beta/accountSummaries" \
+  | jq '.accountSummaries[]?.propertySummaries[]? | {property, displayName}'
+```
+`property` looks like `properties/123456789` — the number is the `PROPERTY_ID`.
+## Run a report
+```bash
+PID="123456789"
+curl -sS -X POST "${AUTH[@]}" -H "Content-Type: application/json" -d '{
+  "dateRanges":[{"startDate":"28daysAgo","endDate":"today"}],
+  "dimensions":[{"name":"pagePath"}],
+  "metrics":[{"name":"screenPageViews"},{"name":"activeUsers"}],
+  "orderBys":[{"metric":{"metricName":"screenPageViews"},"desc":true}],
+  "limit":10
+}' "https://analyticsdata.googleapis.com/v1beta/properties/$PID:runReport" \
+  | jq '.rows[] | {page: .dimensionValues[0].value, views: .metricValues[0].value, users: .metricValues[1].value}'
+```
+Swap dimensions/metrics for other reports: `sessionDefaultChannelGroup` +
+`sessions` (acquisition), `country` + `activeUsers` (geo), `eventName` +
+`eventCount` / `conversions` (events). Dates accept `NdaysAgo`, `today`,
+`yesterday`, or `YYYY-MM-DD`.
+## Realtime
+```bash
+curl -sS -X POST "${AUTH[@]}" -H "Content-Type: application/json" \
+  -d '{"dimensions":[{"name":"country"}],"metrics":[{"name":"activeUsers"}]}' \
+  "https://analyticsdata.googleapis.com/v1beta/properties/$PID:runRealtimeReport" | jq '.rows'
+```
+## Gotchas
+- This is **GA4 only** (Data API v1). Old Universal Analytics (UA) is shut down —
+  don't use the legacy `analytics/v3` endpoints.
+- Valid dimension/metric API names matter (`screenPageViews`, not "Pageviews").
+  If a name 400s, it's the wrong API id — check the GA4 dimensions & metrics list.
+- Reports are capped by `limit` (default 10k rows); page with `offset`.

package/skills/google-docs/SKILL.md ADDED Viewed

@@ -0,0 +1,61 @@
+---
+name: google-docs
+description: Read and edit Google Docs via the Docs v1 REST API. Use when the user mentions a Google Doc, reading a document's text, creating a doc, inserting or replacing text, or exporting a doc's content.
+when_to_use: |
+  Trigger when the user wants to read a Google Doc's content, create a
+  new doc, or insert / replace text in one. The connector grants
+  `documents.readonly` by default; the user opts in to `documents`
+  (read + write) at install — confirm before edits. Find the doc id
+  from a Drive URL or a google-drive search.
+connections: [google/docs]
+allowed_tools: [Bash]
+license: Apache-2.0
+metadata:
+  author: acedatacloud
+  version: "1.0"
+---
+Drive **Google Docs** via `curl + jq`. The user's OAuth bearer token is in
+`$GOOGLE_DOCS_TOKEN`; every call needs `Authorization: Bearer
+$GOOGLE_DOCS_TOKEN`. Base URL: `https://docs.googleapis.com/v1/documents`. The
+token carries `documents.readonly` (+ identity); writes need `documents`.
+Failures are `{"error":{"code","message","status"}}` — show verbatim. `401` =
+re-install. `403 PERMISSION_DENIED` on a write = read-only scope.
+The doc id is the `…/document/d/<ID>/edit` segment of the URL.
+```bash
+D="https://docs.googleapis.com/v1/documents"; AUTH=(-H "Authorization: Bearer $GOOGLE_DOCS_TOKEN")
+# Read the document. The body is a tree of structural elements; pull plain text:
+curl -sS "${AUTH[@]}" "$D/DOC_ID" \
+  | jq -r '.title, ([.body.content[]?.paragraph?.elements[]?.textRun?.content] | join(""))'
+```
+## Create & edit
+```bash
+# Create an empty doc
+curl -sS -X POST "${AUTH[@]}" -H "Content-Type: application/json" \
+  -d '{"title":"Meeting notes 2026-06-21"}' "$D" | jq '{documentId, title}'
+# Insert text at the start (index 1) via batchUpdate (confirm first)
+curl -sS -X POST "${AUTH[@]}" -H "Content-Type: application/json" \
+  -d '{"requests":[{"insertText":{"location":{"index":1},"text":"Hello\n"}}]}' \
+  "$D/DOC_ID:batchUpdate" | jq '.documentId'
+# Replace all occurrences of a placeholder
+curl -sS -X POST "${AUTH[@]}" -H "Content-Type: application/json" \
+  -d '{"requests":[{"replaceAllText":{"containsText":{"text":"{{name}}","matchCase":true},"replaceText":"Alex"}}]}' \
+  "$D/DOC_ID:batchUpdate" | jq '.replies'
+```
+## Gotchas
+- The document model is **index-based**: text edits target character indices, and
+  every insert shifts later indices — for multiple inserts, apply them
+  back-to-front or recompute indices between calls.
+- To get clean Markdown/plain text, walk `body.content[].paragraph.elements[]
+  .textRun.content` (the jq above). Tables / lists need deeper traversal.
+- Creating a doc puts it in the user's Drive root; use the `google-drive` skill to
+  move/share it.

package/skills/google-search-console/SKILL.md ADDED Viewed

@@ -0,0 +1,70 @@
+---
+name: google-search-console
+description: Query Google Search Console via the Search Console API v1 — search analytics (clicks / impressions / CTR / position), sites, sitemaps and URL inspection. Use when the user mentions Search Console, organic search performance, top queries / pages, indexing status, or sitemaps.
+when_to_use: |
+  Trigger when the user wants Search Console data — top queries or
+  pages by clicks / impressions / CTR / position, performance by date
+  or country, the list of verified sites, sitemaps, or URL inspection.
+  Read-only (`webmasters.readonly`). List sites first to get the
+  property URL.
+connections: [google/search-console]
+allowed_tools: [Bash]
+license: Apache-2.0
+metadata:
+  author: acedatacloud
+  version: "1.0"
+---
+Query **Google Search Console** via `curl + jq`. The user's OAuth bearer token is
+in `$GOOGLE_SEARCH_CONSOLE_TOKEN` (scope `webmasters.readonly`); every call needs
+`Authorization: Bearer $GOOGLE_SEARCH_CONSOLE_TOKEN`. Base:
+`https://searchconsole.googleapis.com`.
+Failures are `{"error":{"code","message","status"}}` — show verbatim. `401` =
+re-install. `403` = the token's account doesn't own/verify that site.
+```bash
+AUTH=(-H "Authorization: Bearer $GOOGLE_SEARCH_CONSOLE_TOKEN")
+# Verified sites (siteUrl is the property — URL-encode it in later calls)
+curl -sS "${AUTH[@]}" "https://searchconsole.googleapis.com/webmasters/v3/sites" \
+  | jq '.siteEntry[] | {siteUrl, permissionLevel}'
+```
+## Search analytics
+```bash
+# Top queries by clicks for the last 28 days. siteUrl must be URL-encoded
+# (https%3A%2F%2Fexample.com%2F  or  sc-domain%3Aexample.com).
+SITE="https%3A%2F%2Fexample.com%2F"
+curl -sS -X POST "${AUTH[@]}" -H "Content-Type: application/json" -d '{
+  "startDate":"2026-05-24","endDate":"2026-06-21",
+  "dimensions":["query"],"rowLimit":10
+}' "https://searchconsole.googleapis.com/webmasters/v3/sites/$SITE/searchAnalytics/query" \
+  | jq '.rows[] | {query: .keys[0], clicks, impressions, ctr, position}'
+```
+Swap `dimensions` for `["page"]`, `["country"]`, `["date"]`, or combine
+`["query","page"]`. Add `"dimensionFilterGroups"` to filter by page/country.
+## Sitemaps & URL inspection
+```bash
+# Submitted sitemaps
+curl -sS "${AUTH[@]}" "https://searchconsole.googleapis.com/webmasters/v3/sites/$SITE/sitemaps" \
+  | jq '.sitemap[] | {path, lastDownloaded, errors, warnings}'
+# Is a URL indexed?
+curl -sS -X POST "${AUTH[@]}" -H "Content-Type: application/json" \
+  -d '{"inspectionUrl":"https://example.com/page","siteUrl":"https://example.com/"}' \
+  "https://searchconsole.googleapis.com/v1/urlInspection/index:inspect" \
+  | jq '.inspectionResult.indexStatusResult | {verdict, coverageState, lastCrawlTime}'
+```
+## Gotchas
+- **Two property shapes:** URL-prefix (`https://example.com/`) vs Domain
+  (`sc-domain:example.com`). Use exactly the `siteUrl` from the sites list,
+  URL-encoded.
+- Data lags ~2–3 days; the most recent dates may be partial/empty — set `endDate`
+  a couple days back for stable numbers.
+- `ctr` is 0–1, `position` is average rank (lower = better).

package/skills/google-sheets/SKILL.md ADDED Viewed

@@ -0,0 +1,75 @@
+---
+name: google-sheets
+description: Read and edit Google Sheets via the Sheets v4 REST API. Use when the user mentions Google Sheets, a spreadsheet, cells / ranges / tabs, reading or appending rows, updating values, or creating a new spreadsheet.
+when_to_use: |
+  Trigger when the user wants to read a range from a Sheet, append or
+  update rows, add a tab, or create a spreadsheet. The connector grants
+  `spreadsheets.readonly` by default; the user opts in to the broader
+  `spreadsheets` scope (read + write) at install — confirm before
+  writes. Find the spreadsheet id from a Drive URL or a google-drive
+  search.
+connections: [google/sheets]
+allowed_tools: [Bash]
+license: Apache-2.0
+metadata:
+  author: acedatacloud
+  version: "1.0"
+---
+Drive **Google Sheets** via `curl + jq`. The user's OAuth bearer token is in
+`$GOOGLE_SHEETS_TOKEN`; every call needs `Authorization: Bearer
+$GOOGLE_SHEETS_TOKEN`. Base URL: `https://sheets.googleapis.com/v4/spreadsheets`.
+The token carries `spreadsheets.readonly` (+ identity); writes need the broader
+`spreadsheets` scope.
+Failures are `{"error":{"code","message","status"}}` — show verbatim. `401` =
+re-install. `403 PERMISSION_DENIED` on a write = read-only scope → re-connect
+with read+write.
+The spreadsheet id is the `…/spreadsheets/d/<ID>/edit` segment of the URL.
+```bash
+S="https://sheets.googleapis.com/v4/spreadsheets"; AUTH=(-H "Authorization: Bearer $GOOGLE_SHEETS_TOKEN")
+# Tabs + title
+curl -sS "${AUTH[@]}" "$S/SPREADSHEET_ID?fields=properties.title,sheets.properties(title,sheetId)" \
+  | jq '{title: .properties.title, tabs: [.sheets[].properties.title]}'
+```
+## Read / append / update values
+```bash
+ID="SPREADSHEET_ID"
+# Read a range (A1 notation; values are rows of cells)
+curl -sS "${AUTH[@]}" "$S/$ID/values/Sheet1!A1:D20" | jq '.values'
+# Append rows (confirm first). valueInputOption=USER_ENTERED parses formulas/dates.
+curl -sS -X POST "${AUTH[@]}" -H "Content-Type: application/json" \
+  -d '{"values":[["2026-06-21","Acme",4200]]}' \
+  "$S/$ID/values/Sheet1!A1:append?valueInputOption=USER_ENTERED" | jq '.updates'
+# Update a fixed range: PUT /values/{range}?valueInputOption=USER_ENTERED
+curl -sS -X PUT "${AUTH[@]}" -H "Content-Type: application/json" \
+  -d '{"values":[["done"]]}' \
+  "$S/$ID/values/Sheet1!E2?valueInputOption=USER_ENTERED" | jq '.updatedCells'
+```
+## Create a spreadsheet / add a tab
+```bash
+# New spreadsheet
+curl -sS -X POST "${AUTH[@]}" -H "Content-Type: application/json" \
+  -d '{"properties":{"title":"Report 2026"}}' "$S" | jq '{spreadsheetId, spreadsheetUrl}'
+# Add a tab via batchUpdate (addSheet request)
+curl -sS -X POST "${AUTH[@]}" -H "Content-Type: application/json" \
+  -d '{"requests":[{"addSheet":{"properties":{"title":"Q3"}}}]}' \
+  "$S/$ID:batchUpdate" | jq '.replies'
+```
+## Gotchas
+- **A1 notation:** `Sheet1!A1:D20`; quote tab names with spaces as `'My Tab'!A1`.
+- `valueInputOption=RAW` stores strings as-is; `USER_ENTERED` interprets them like
+  the UI (numbers, dates, `=FORMULA`). Pick deliberately.
+- `values` is row-major (`[[row1...],[row2...]]`); a missing trailing cell just
+  comes back short — don't assume rectangular.

package/skills/microsoft-excel/SKILL.md ADDED Viewed

@@ -0,0 +1,71 @@
+---
+name: microsoft-excel
+description: Read and edit live Excel workbooks stored in OneDrive / SharePoint via the Microsoft Graph workbook API. Use when the user mentions an Excel file, a spreadsheet on OneDrive, reading a range or table, appending rows, updating cells, or listing worksheets in a cloud .xlsx.
+when_to_use: |
+  Trigger when the user wants to read or write a cloud Excel workbook
+  (one that lives in their OneDrive / SharePoint) — read a used range,
+  read/update cells, add rows to a table, list worksheets. The
+  connector grants `Files.ReadWrite` (or `Files.Read` read-only). Find
+  the file id first via OneDrive search; confirm before writes.
+connections: [microsoft/excel]
+allowed_tools: [Bash]
+license: Apache-2.0
+metadata:
+  author: acedatacloud
+  version: "1.0"
+---
+Drive **live Excel workbooks** via the Microsoft Graph workbook API with
+`curl + jq`. The user's OAuth bearer token is in `$MICROSOFT_EXCEL_TOKEN`; every
+call needs `Authorization: Bearer $MICROSOFT_EXCEL_TOKEN`. Base URL:
+`https://graph.microsoft.com/v1.0`. The workbook API operates on a **drive item**
+(an .xlsx in OneDrive/SharePoint), so you need its `ITEM_ID`.
+Failures are `{"error":{"code","message"}}` — show `message` verbatim. `401` =
+token expired (re-install). `403` on a write = the user granted read-only.
+```bash
+G="https://graph.microsoft.com/v1.0"; AUTH=(-H "Authorization: Bearer $MICROSOFT_EXCEL_TOKEN")
+# Find the workbook by name (then take .id as ITEM_ID)
+curl -sS "${AUTH[@]}" "$G/me/drive/root/search(q='budget.xlsx')" \
+  | jq '.value[] | {id, name, webUrl}'
+# Worksheets in the workbook
+curl -sS "${AUTH[@]}" "$G/me/drive/items/ITEM_ID/workbook/worksheets" \
+  | jq '.value[] | {id, name, position}'
+```
+## Read & write ranges
+```bash
+ITEM="ITEM_ID"; WS="Sheet1"
+# Used range (values + formulas + formats)
+curl -sS "${AUTH[@]}" \
+  "$G/me/drive/items/$ITEM/workbook/worksheets/$WS/usedRange" \
+  | jq '{address, values: .values}'
+# Read a specific range
+curl -sS "${AUTH[@]}" \
+  "$G/me/drive/items/$ITEM/workbook/worksheets/$WS/range(address='A1:C5')" | jq '.values'
+# Update a range (confirm first). values is a 2-D array matching the address shape.
+curl -sS -X PATCH "${AUTH[@]}" -H "Content-Type: application/json" \
+  -d '{"values":[["Q3",1200],["Q4",1580]]}' \
+  "$G/me/drive/items/$ITEM/workbook/worksheets/$WS/range(address='A2:B3')" | jq '.address'
+```
+## Append a row to a table
+```bash
+curl -sS -X POST "${AUTH[@]}" -H "Content-Type: application/json" \
+  -d '{"values":[["2026-06-21","Acme",4200]]}' \
+  "$G/me/drive/items/$ITEM/workbook/tables/Table1/rows/add" | jq '.index'
+```
+## Gotchas
+- This is for **cloud** workbooks (OneDrive/SharePoint). A local .xlsx the user
+  uploaded into chat is a different job (parse the file directly), not this skill.
+- Range `address` is a string like `Sheet1!A1:C5` or just `A1:C5` when scoped to a
+  worksheet; `values` must be a 2-D array matching its dimensions.
+- For long-running edits Graph supports a **workbook session** header
+  (`workbook-session-id`); for a few cells the default sessionless mode is fine.

package/skills/microsoft-teams/SKILL.md ADDED Viewed

@@ -0,0 +1,56 @@
+---
+name: microsoft-teams
+description: Read and send Microsoft Teams chat messages via Microsoft Graph v1.0. Use when the user mentions Microsoft Teams chats, a 1:1 or group chat, reading recent Teams messages, or sending a Teams chat message. (Channel messages are not covered — they need admin-consented scopes.)
+when_to_use: |
+  Trigger when the user wants to list their Teams chats, read recent
+  messages in a chat, or send a chat message. Scoped to **chats**
+  (1:1 / group) which use delegated `Chat.Read` / `Chat.ReadWrite` /
+  `ChatMessage.Send` — no admin consent. Confirm before sending; do
+  not attempt channel-message reads (different, admin-gated scopes).
+connections: [microsoft/teams]
+allowed_tools: [Bash]
+license: Apache-2.0
+metadata:
+  author: acedatacloud
+  version: "1.0"
+---
+Drive **Microsoft Teams chats** via Microsoft Graph with `curl + jq`. The user's
+OAuth bearer token is in `$MICROSOFT_TEAMS_TOKEN`; every call needs
+`Authorization: Bearer $MICROSOFT_TEAMS_TOKEN`. Base URL:
+`https://graph.microsoft.com/v1.0`.
+Failures are `{"error":{"code","message"}}` — show `message` verbatim. `401` =
+re-install. `403`/`Forbidden` on send = the user granted read-only
+(`Chat.Read`) → re-connect with `Chat.ReadWrite` + `ChatMessage.Send`.
+```bash
+G="https://graph.microsoft.com/v1.0"; AUTH=(-H "Authorization: Bearer $MICROSOFT_TEAMS_TOKEN")
+# My chats (1:1 + group), most recent first; expand members for names
+curl -sS "${AUTH[@]}" "$G/me/chats?\$top=20&\$expand=members" \
+  | jq '.value[] | {id, chatType, topic, members: [.members[].displayName]}'
+```
+## Read & send chat messages
+```bash
+CHAT="CHAT_ID"
+# Recent messages
+curl -sS "${AUTH[@]}" "$G/chats/$CHAT/messages?\$top=20" \
+  | jq '.value[] | {from: .from.user.displayName, created: .createdDateTime, text: .body.content}'
+# Send a message (confirm content with the user first). contentType html|text.
+curl -sS -X POST "${AUTH[@]}" -H "Content-Type: application/json" \
+  -d '{"body":{"contentType":"html","content":"Hi from the assistant 👋"}}' \
+  "$G/chats/$CHAT/messages" | jq '{id, created: .createdDateTime}'
+```
+## Gotchas
+- **Chats only.** Reading Teams **channel** messages needs
+  `ChannelMessage.Read.All` — a Microsoft "protected API" requiring tenant-admin
+  consent — which this connector deliberately does not request. Don't try
+  `/teams/{id}/channels/.../messages`; it will 403.
+- `body.content` for HTML messages contains markup — strip tags when
+  summarizing.
+- OData `$top`/`$expand` need the `$` escaped in the shell; quote the URL.

package/skills/microsoft-todo/SKILL.md ADDED Viewed

@@ -0,0 +1,58 @@
+---
+name: microsoft-todo
+description: Read and manage Microsoft To Do task lists and tasks via Microsoft Graph v1.0. Use when the user mentions Microsoft To Do, their Outlook tasks, todo / pending items, due dates or reminders, adding or completing a task, or organising task lists.
+when_to_use: |
+  Trigger when the user wants to inspect or manage Microsoft To Do —
+  list task lists, surface pending / overdue items, add todos, mark
+  complete, or update / delete tasks. The connector grants
+  `Tasks.ReadWrite` (or `Tasks.Read` if the user chose read-only) —
+  confirm before destructive writes.
+connections: [microsoft/todo]
+allowed_tools: [Bash]
+license: Apache-2.0
+metadata:
+  author: acedatacloud
+  version: "1.0"
+---
+Drive **Microsoft To Do** via Microsoft Graph with `curl + jq`. The user's OAuth
+bearer token is in `$MICROSOFT_TODO_TOKEN`; every call needs
+`Authorization: Bearer $MICROSOFT_TODO_TOKEN`. Base URL:
+`https://graph.microsoft.com/v1.0`.
+Failures are `{"error":{"code","message"}}` — show `message` verbatim. `401`
+means the token expired (re-install). `403`/`ErrorAccessDenied` on a write means
+the user only granted `Tasks.Read` → ask them to re-connect with read+write.
+```bash
+G="https://graph.microsoft.com/v1.0"; AUTH=(-H "Authorization: Bearer $MICROSOFT_TODO_TOKEN")
+# Task lists
+curl -sS "${AUTH[@]}" "$G/me/todo/lists" | jq '.value[] | {id, displayName, wellknownListName}'
+```
+## Tasks
+```bash
+LIST="LIST_ID"
+# Open tasks in a list (filter notStarted/inProgress; $top caps page size)
+curl -sS "${AUTH[@]}" \
+  "$G/me/todo/lists/$LIST/tasks?\$filter=status ne 'completed'&\$top=50" \
+  | jq '.value[] | {id, title, status, due: .dueDateTime.dateTime}'
+# Create (confirm first). dueDateTime/reminderDateTime are optional.
+curl -sS -X POST "${AUTH[@]}" -H "Content-Type: application/json" \
+  -d '{"title":"Follow up with Alex","dueDateTime":{"dateTime":"2026-06-30T17:00:00","timeZone":"UTC"}}' \
+  "$G/me/todo/lists/$LIST/tasks" | jq '{id, title, status}'
+# Complete: PATCH the task with {"status":"completed"}
+curl -sS -X PATCH "${AUTH[@]}" -H "Content-Type: application/json" \
+  -d '{"status":"completed"}' "$G/me/todo/lists/$LIST/tasks/TASK_ID" | jq '{title, status}'
+```
+## Gotchas
+- OData params (`$filter`, `$top`, `$select`) need the `$` escaped in the shell
+  (`\$filter`) and URL-encoded spaces — quote the whole URL.
+- `wellknownListName: "defaultList"` is the user's default "Tasks" list — a good
+  fallback when they don't name a list.
+- Pagination via `@odata.nextLink`; follow it for "all tasks".

package/skills/sentry/SKILL.md ADDED Viewed

@@ -0,0 +1,80 @@
+---
+name: sentry
+description: Monitor errors, issues, releases and projects in Sentry via the REST API v0. Use when the user mentions Sentry, error tracking, an unresolved issue, a stack trace / crash, error rate, a release, or wants to triage / resolve / assign issues across their Sentry projects.
+when_to_use: |
+  Trigger when the user wants to list or search Sentry issues, read a
+  crash's latest event + stack trace, list projects or releases, or
+  resolve / assign an issue. The connector stores a Sentry auth token
+  with the granted org scope — confirm before any write (resolve /
+  assign / delete), and prefer read-only triage first.
+connections: [sentry]
+allowed_tools: [Bash]
+license: Apache-2.0
+metadata:
+  author: acedatacloud
+  version: "1.0"
+---
+Call the **Sentry REST API v0** with `curl + jq`. The user's auth token is in
+`$SENTRY_AUTH_TOKEN` and their org slug in `$SENTRY_ORG_SLUG`; every call needs
+`Authorization: Bearer $SENTRY_AUTH_TOKEN`. Base URL: `https://sentry.io/api/0`
+(SaaS). For a self-hosted Sentry the user supplies `$SENTRY_BASE_URL` — use it
+instead when set.
+Errors come back as JSON with a `detail` field — show it verbatim. `401` means
+the token is invalid → the user must re-connect Sentry. `403` means the token
+lacks the scope for that action (e.g. write) → ask them to re-connect with a
+broader token.
+Always confirm the org + list projects first:
+```bash
+BASE="${SENTRY_BASE_URL:-https://sentry.io/api/0}"
+curl -sS -H "Authorization: Bearer $SENTRY_AUTH_TOKEN" \
+  "$BASE/organizations/$SENTRY_ORG_SLUG/projects/" \
+  | jq '.[] | {slug, name, platform}'
+```
+## Search & read issues
+```bash
+# Unresolved issues for a project, most frequent first.
+curl -sS -H "Authorization: Bearer $SENTRY_AUTH_TOKEN" \
+  "$BASE/projects/$SENTRY_ORG_SLUG/PROJECT_SLUG/issues/?query=is:unresolved&sort=freq" \
+  | jq '.[] | {id, shortId, title, count, userCount, lastSeen}'
+# A single issue + its latest event (stack trace, tags, breadcrumbs).
+curl -sS -H "Authorization: Bearer $SENTRY_AUTH_TOKEN" \
+  "$BASE/issues/ISSUE_ID/" | jq '{shortId, title, status, count, firstSeen, lastSeen}'
+curl -sS -H "Authorization: Bearer $SENTRY_AUTH_TOKEN" \
+  "$BASE/issues/ISSUE_ID/events/latest/" \
+  | jq '{message, culprit, entries: [.entries[] | .type]}'
+```
+`query=` uses Sentry's search syntax: `is:unresolved`, `is:assigned`,
+`environment:production`, `release:1.2.3`, free-text, etc.
+## Releases
+```bash
+curl -sS -H "Authorization: Bearer $SENTRY_AUTH_TOKEN" \
+  "$BASE/organizations/$SENTRY_ORG_SLUG/releases/?per_page=20" \
+  | jq '.[] | {version, dateCreated, newGroups, projects: [.projects[].slug]}'
+```
+## Triage (writes — confirm first)
+```bash
+# Resolve (or set status: unresolved | ignored). Assign with assignedTo (username/email).
+curl -sS -X PUT -H "Authorization: Bearer $SENTRY_AUTH_TOKEN" \
+  -H "Content-Type: application/json" -d '{"status":"resolved"}' \
+  "$BASE/issues/ISSUE_ID/" | jq '{shortId, status}'
+```
+## Gotchas
+- **Pagination** is `Link` header cursor-based (`per_page` max 100). For "all
+  issues" follow the `rel="next"; results="true"` cursor.
+- **Org/project slugs**, not numeric ids, in the issue-search URL; the issue
+  detail/triage routes take the numeric/short issue id.
+- Don't dump tokens or PII from event payloads back to the user unprompted.

package/skills/tiktok/SKILL.md ADDED Viewed

@@ -0,0 +1,63 @@
+---
+name: tiktok
+description: Upload videos to the user's TikTok inbox/drafts and read their TikTok profile via the Content Posting API. Use when the user wants to publish or post a generated video to TikTok, send a video to their TikTok drafts, or check their TikTok account.
+when_to_use: |
+  Trigger when the user wants to push a video (e.g. one generated by
+  the video skills) to TikTok. v1 uploads to the user's **inbox /
+  drafts** (they finish posting in the TikTok app) — the safe,
+  pre-audit path. Confirm before uploading; the video must be a public
+  URL on a verified domain (or a file you upload in chunks).
+connections: [tiktok]
+allowed_tools: [Bash]
+license: Apache-2.0
+metadata:
+  author: acedatacloud
+  version: "1.0"
+---
+Call the **TikTok Content Posting API** with `curl + jq`. The user's OAuth bearer
+token is in `$TIKTOK_TOKEN`; every call needs `Authorization: Bearer
+$TIKTOK_TOKEN`. Base URL: `https://open.tiktokapis.com/v2`.
+Responses wrap everything in `{"data":...,"error":{"code","message","log_id"}}` —
+`error.code == "ok"` means success; otherwise show `error.message` verbatim.
+`401`/`access_token_invalid` = re-connect TikTok.
+```bash
+T="https://open.tiktokapis.com/v2"; AUTH=(-H "Authorization: Bearer $TIKTOK_TOKEN")
+# Profile (account card)
+curl -sS "${AUTH[@]}" "$T/user/info/?fields=open_id,display_name,avatar_url" \
+  | jq '.data.user'
+```
+## Upload a video to the user's inbox / drafts (v1)
+The simplest path is `PULL_FROM_URL`: TikTok fetches the video from a public URL
+on a **verified domain** (AceData's `cdn.acedata.cloud` is verified for this app).
+```bash
+VIDEO_URL="https://cdn.acedata.cloud/...mp4"   # must be on a verified domain
+curl -sS -X POST "${AUTH[@]}" -H "Content-Type: application/json" -d "$(jq -n --arg u "$VIDEO_URL" \
+  '{source_info:{source:"PULL_FROM_URL", video_url:$u}}')" \
+  "$T/post/publish/inbox/video/init/" | jq '{publish_id: .data.publish_id, error}'
+```
+This drops the video into the user's TikTok **inbox** — they open the TikTok app
+to add caption / sound / privacy and post. Poll status:
+```bash
+curl -sS -X POST "${AUTH[@]}" -H "Content-Type: application/json" \
+  -d '{"publish_id":"PUBLISH_ID"}' "$T/post/publish/status/fetch/" \
+  | jq '.data | {status, fail_reason}'
+```
+## Gotchas
+- **v1 = inbox upload only.** True "Direct Post" (set caption + privacy via API,
+  posts immediately) needs the `video.publish` scope and a passed Content Posting
+  audit — not available until then. Don't call `creator_info` /
+  `/post/publish/video/init/` (Direct Post) here; they require that scope.
+- `PULL_FROM_URL` only works from a **domain verified** in the TikTok developer
+  app. If the video isn't on a verified domain, use the chunked `FILE_UPLOAD`
+  flow instead (init → PUT byte ranges → status).
+- Unaudited apps are rate-limited and may restrict visibility to `SELF_ONLY`.

package/skills/vercel/SKILL.md ADDED Viewed

@@ -0,0 +1,77 @@
+---
+name: vercel
+description: Inspect Vercel projects, deployments, build logs and domains via the Vercel REST API. Use when the user mentions Vercel, a deployment that failed / is building, build or runtime logs, a preview URL, project domains, or wants to check / redeploy a Vercel project.
+when_to_use: |
+  Trigger when the user wants to list Vercel projects, list recent
+  deployments, read a deployment's build logs to diagnose a failure,
+  check domains, or trigger a redeploy. The connector stores a Vercel
+  access token with the granted scope; treat env-var values as secret
+  (never echo them) and confirm before any redeploy / mutation.
+connections: [vercel]
+allowed_tools: [Bash]
+license: Apache-2.0
+metadata:
+  author: acedatacloud
+  version: "1.0"
+---
+Call the **Vercel REST API** with `curl + jq`. The user's token is in
+`$VERCEL_ACCESS_TOKEN`; every call needs `Authorization: Bearer
+$VERCEL_ACCESS_TOKEN`. Base URL: `https://api.vercel.com`. If the resource is
+team-scoped, append `?teamId=$VERCEL_TEAM_ID` (set only when the user connected a
+team token).
+Errors come back as `{"error":{"code","message"}}` — show `message` verbatim.
+`403 forbidden` usually means the token can't see that team/project →
+re-connect with the right scope.
+Helper for the optional team param:
+```bash
+TEAM=""; [ -n "$VERCEL_TEAM_ID" ] && TEAM="?teamId=$VERCEL_TEAM_ID"
+AUTH=(-H "Authorization: Bearer $VERCEL_ACCESS_TOKEN")
+```
+## Projects & deployments
+```bash
+# Projects
+curl -sS "${AUTH[@]}" "https://api.vercel.com/v9/projects$TEAM" \
+  | jq '.projects[] | {name, framework, latestProduction: .latestDeployments[0].url}'
+# Recent deployments (optionally filter by ?projectId=… or &state=ERROR)
+curl -sS "${AUTH[@]}" "https://api.vercel.com/v6/deployments${TEAM:-?}&limit=20" \
+  | jq '.deployments[] | {uid, name, url, state, readyState, created}'
+```
+## Diagnose a failed build
+```bash
+# Deployment detail
+curl -sS "${AUTH[@]}" "https://api.vercel.com/v13/deployments/DEPLOYMENT_ID${TEAM:+&teamId=$VERCEL_TEAM_ID}" \
+  | jq '{name, url, state: .readyState, error: .errorMessage}'
+# Build / runtime events (the actual logs)
+curl -sS "${AUTH[@]}" "https://api.vercel.com/v3/deployments/DEPLOYMENT_ID/events${TEAM:+?teamId=$VERCEL_TEAM_ID}" \
+  | jq -r '.[] | select(.type=="stdout" or .type=="stderr") | .payload.text'
+```
+## Domains & redeploy
+```bash
+# Project domains
+curl -sS "${AUTH[@]}" "https://api.vercel.com/v9/projects/PROJECT_ID/domains${TEAM:+?teamId=$VERCEL_TEAM_ID}" \
+  | jq '.domains[] | {name, verified}'
+```
+To **redeploy**, POST to `https://api.vercel.com/v13/deployments` with a
+`deploymentId` (or git source) body — **confirm with the user first**, it ships
+to production.
+## Gotchas
+- **Never print env-var values.** Listing project env vars returns metadata;
+  the `/v1/.../env/{id}` decrypt route returns secrets — don't call it unless the
+  user explicitly asks, and even then summarize, don't echo.
+- Deployment `state`/`readyState`: `QUEUED → BUILDING → READY | ERROR | CANCELED`.
+- `created`/`ready` are epoch ms — divide by 1000 for human time.