@acedatacloud/skills 2026.621.6 → 2026.621.8

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@acedatacloud/skills",
-  "version": "2026.621.6",
+  "version": "2026.621.8",
   "description": "Agent Skills for AceDataCloud AI services — music, image, video generation, LLM chat, web search. Compatible with Claude Code, GitHub Copilot, Gemini CLI, OpenAI Codex, and 30+ AI coding agents.",
   "keywords": [
     "agent-skills",

package/skills/bilibili/SKILL.md

@@ -0,0 +1,81 @@
+---
+name: bilibili
+description: Read and publish 专栏 articles on Bilibili (bilibili.com) with the user's own login cookies (BYOC) — list their published articles with view/like/comment stats, inspect one article, and publish a new article. Use when the user mentions Bilibili / B站 / 专栏, "我的B站专栏", reading article stats (阅读/点赞), or publishing/投稿 a 专栏 article.
+when_to_use: |
+  Trigger for anything on the user's Bilibili (bilibili.com) 专栏 account driven
+  by their own login cookie: show who they are, list their published 专栏
+  articles with view / like / comment counts, look at one article's stats, or
+  publish a new 专栏 article. This acts as the user's real account, so writes are
+  gated behind an explicit confirmation.
+connections: [bilibili]
+allowed_tools: [Bash]
+license: Apache-2.0
+metadata:
+  author: acedatacloud
+  version: "1.0"
+---
+
+# bilibili — read & publish 专栏 via your own cookies
+
+Drives the user's **real** Bilibili 专栏 (article) account through the same
+`api.bilibili.com` web endpoints the site uses, authenticated by the login
+cookie they captured with the ACE extension. No browser, no third-party deps —
+`urllib` + `hashlib` (the article-list read endpoint needs WBI signing, done
+with stdlib).
+
+The connector injects the cookie jar as an env var:
+
+- `BILIBILI_COOKIES` — a JSON array of cookies. **Secret — never echo or print
+  it.** It includes `SESSDATA` (auth) and `bili_jct` (the CSRF token used for
+  writes).
+
+## CLI
+
+The skill ships [`scripts/bilibili.py`](scripts/bilibili.py) — self-contained, stdlib only.
+
+```sh
+BILI=$SKILL_DIR/scripts/bilibili.py
+python3 $BILI whoami                       # who is logged in (mid, name)
+python3 $BILI articles --limit 20          # my 专栏 articles + stats
+python3 $BILI article <cvid>               # one article's stats (cv id)
+```
+
+Stats come straight from Bilibili: `view` (阅读), `like` (点赞), `reply` (评论),
+`favorite` (收藏), `coin` (投币).
+
+## Verify the connection first
+
+```sh
+python3 $BILI whoami
+# → {"mid": 91207595, "name": "...", "level": 4}
+```
+
+On a not-logged-in / auth error the cookie is expired — have the user reconnect
+at <https://auth.acedata.cloud/user/connections>. Do **not** loop-retry.
+
+## Publishing — GATED (dry-run unless trailing `--confirm`)
+
+`publish` writes to the user's real account. 专栏 content is **HTML**. Without a
+trailing `--confirm` it dry-runs. `--confirm` is honored **only as the last
+argument**. Always show the dry-run, get an explicit "yes", then re-run.
+
+```sh
+python3 $BILI publish --title "标题" --content-file a.html                       # dry-run
+python3 $BILI publish --title "标题" --content-file a.html --draft-only --confirm   # save a draft
+python3 $BILI publish --title "标题" --content-file a.html --confirm                # save draft + submit (publish)
+```
+
+- `--draft-only` saves a draft (no submit) — safe; finish/publish in the editor.
+- The **submit** (go public) step is frequently rate-limited by Bilibili
+  risk-control (HTTP 412). When that happens the CLI reports the saved draft +
+  edit URL so the user can publish from the web editor. Default to `--draft-only`.
+
+## Gotchas
+
+- **This is the user's real Bilibili account.** Confirm before any publish.
+- **submit may 412** (anti-bot) even when the draft saved fine — the draft is the
+  reliable result; don't loop-retry submit.
+- A wrong cover layout (`tid`) / category returns `-17`; the CLI auto-retries
+  common `tid` values.
+- **Never print `BILIBILI_COOKIES`** — it is full account access.
+- **ToS**: acts only on the user's own account with their own captured cookie.

package/skills/bilibili/scripts/bilibili.py

@@ -0,0 +1,384 @@
+#!/usr/bin/env python3
+"""
+bilibili — read & publish 专栏 articles on Bilibili (bilibili.com) with the
+user's own login cookies (BYOC). Standard-library only (urllib + hashlib for
+WBI signing), no third-party deps.
+
+The connector injects the cookie jar as a JSON env var ``BILIBILI_COOKIES``.
+Reads use the login cookies; the article-list endpoint needs WBI signing
+(keys come from the nav response). Writes need ``csrf`` = the ``bili_jct`` cookie.
+
+Read commands run directly. ``publish`` is GATED by a trailing ``--confirm``
+(honored only as the last arg). ``--draft-only`` saves a draft (no submit).
+Note: Bilibili 专栏 content is HTML. The publish *submit* step is often
+rate-limited (HTTP 412) by risk-control; the draft is the reliable result.
+
+Examples:
+  python3 bilibili.py whoami
+  python3 bilibili.py articles --limit 20
+  python3 bilibili.py article <cvid>
+  python3 bilibili.py publish --title T --content-file a.html --draft-only --confirm
+"""
+
+from __future__ import annotations
+
+import argparse
+import gzip
+import hashlib
+import json
+import os
+import sys
+import time
+import urllib.error
+import urllib.parse
+import urllib.request
+
+UA = (
+    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
+    "(KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
+)
+PLATFORM = "bilibili"
+API = "https://api.bilibili.com"
+
+# Fixed permutation table for WBI mixin-key derivation (from bilibili web JS).
+MIXIN_KEY_ENC_TAB = [
+    46, 47, 18, 2, 53, 8, 23, 32, 15, 50, 10, 31, 58, 3, 45, 35, 27, 43, 5, 49,
+    33, 9, 42, 19, 29, 28, 14, 39, 12, 38, 41, 13, 37, 48, 7, 16, 24, 55, 40,
+    61, 26, 17, 0, 1, 60, 51, 30, 4, 22, 25, 54, 21, 56, 59, 6, 63, 57, 62, 11,
+    36, 20, 34, 44, 52,
+]
+
+_RAW = sys.argv[1:]
+CONFIRM = bool(_RAW) and _RAW[-1] == "--confirm"
+ARGV = _RAW[:-1] if CONFIRM else list(_RAW)
+
+
+def out(obj) -> None:
+    print(json.dumps(obj, ensure_ascii=False, indent=2, default=str))
+
+
+def die(msg: str, code: int = 1) -> None:
+    out({"error": msg})
+    sys.exit(code)
+
+
+# ── Cookie jar ──────────────────────────────────────────────────────
+
+def load_cookies() -> list:
+    env = f"{PLATFORM.upper()}_COOKIES"
+    raw = os.environ.get(env)
+    if not raw:
+        die(f"{env} is not set — connect Bilibili at "
+            f"https://auth.acedata.cloud/user/connections, then retry.")
+    try:
+        jar = json.loads(raw)
+    except json.JSONDecodeError as e:
+        die(f"{env} is not valid JSON: {e}")
+    if not isinstance(jar, list):
+        die(f"{env} must be a JSON list of cookies, got {type(jar).__name__}")
+    return jar
+
+
+def _domain_matches(host: str, domain: str) -> bool:
+    d = domain.lstrip(".").lower()
+    h = host.lower()
+    return not d or h == d or h.endswith("." + d)
+
+
+def cookie_header(jar: list, url: str) -> str:
+    host = urllib.parse.urlsplit(url).hostname or ""
+    host_in_scope = any(
+        c.get("domain") and _domain_matches(host, str(c["domain"])) for c in jar
+    )
+    parts = []
+    for c in jar:
+        name, value = c.get("name"), c.get("value")
+        if not name or value is None:
+            continue
+        domain = c.get("domain")
+        if domain:
+            if not _domain_matches(host, str(domain)):
+                continue
+        elif not host_in_scope:
+            continue
+        parts.append(f"{name}={value}")
+    return "; ".join(parts)
+
+
+def cookie_value(jar: list, name: str):
+    for c in jar:
+        if c.get("name") == name:
+            return c.get("value")
+    return None
+
+
+# ── HTTP ────────────────────────────────────────────────────────────
+
+def request(method, url, jar, *, referer=None, headers=None, body=None, form=None):
+    hdrs = {
+        "User-Agent": UA,
+        "Accept": "application/json, text/plain, */*",
+    }
+    if referer:
+        hdrs["Referer"] = referer
+    if headers:
+        hdrs.update(headers)
+    data = None
+    if form is not None:
+        data = urllib.parse.urlencode(form).encode("utf-8")
+        hdrs["Content-Type"] = "application/x-www-form-urlencoded; charset=UTF-8"
+    elif body is not None:
+        data = json.dumps(body).encode("utf-8")
+        hdrs.setdefault("Content-Type", "application/json")
+    req = urllib.request.Request(url, data=data, headers=hdrs, method=method)
+    # Unredirected → the cookie is not re-sent if the API 30x-redirects to a
+    # different host (e.g. a login page), so the jar never leaks off-site.
+    req.add_unredirected_header("Cookie", cookie_header(jar, url))
+    try:
+        with urllib.request.urlopen(req, timeout=30) as resp:
+            raw = resp.read()
+            if resp.headers.get("Content-Encoding") == "gzip":
+                raw = gzip.decompress(raw)
+            return resp.status, raw.decode("utf-8", "replace")
+    except urllib.error.HTTPError as e:
+        raw = e.read()
+        try:
+            if e.headers.get("Content-Encoding") == "gzip":
+                raw = gzip.decompress(raw)
+        except Exception:
+            pass
+        return e.code, raw.decode("utf-8", "replace")
+    except urllib.error.URLError as e:
+        die(f"network error reaching {url}: {e.reason}")
+
+
+def get_json(url, jar, *, referer=None):
+    status, text = request("GET", url, jar, referer=referer)
+    try:
+        d = json.loads(text)
+    except json.JSONDecodeError:
+        die(f"non-JSON response ({status}) from {url}: {text[:300]}")
+    return d
+
+
+# ── WBI signing (for x/space/wbi/article) ───────────────────────────
+
+def _wbi_keys(jar):
+    nav = get_json(f"{API}/x/web-interface/nav", jar)
+    data = nav.get("data") or {}
+    img = ((data.get("wbi_img") or {}).get("img_url") or "")
+    sub = ((data.get("wbi_img") or {}).get("sub_url") or "")
+    img_key = img.rsplit("/", 1)[-1].split(".")[0]
+    sub_key = sub.rsplit("/", 1)[-1].split(".")[0]
+    return nav, img_key, sub_key
+
+
+def _mixin_key(img_key, sub_key):
+    orig = img_key + sub_key
+    return "".join(orig[i] for i in MIXIN_KEY_ENC_TAB if i < len(orig))[:32]
+
+
+def _wbi_sign(params: dict, img_key, sub_key) -> dict:
+    mixin = _mixin_key(img_key, sub_key)
+    params = dict(params)
+    params["wts"] = int(time.time())
+    params = {k: params[k] for k in sorted(params)}
+    # bilibili drops these chars from values before signing
+    cleaned = {k: "".join(ch for ch in str(v) if ch not in "!'()*") for k, v in params.items()}
+    query = urllib.parse.urlencode(cleaned)
+    params["w_rid"] = hashlib.md5((query + mixin).encode()).hexdigest()
+    return params
+
+
+# ── commands ────────────────────────────────────────────────────────
+
+def bili_nav(jar):
+    nav = get_json(f"{API}/x/web-interface/nav", jar)
+    data = nav.get("data") or {}
+    if not data.get("isLogin"):
+        die("not logged in (cookie expired?) — reconnect at "
+            "https://auth.acedata.cloud/user/connections.")
+    return data
+
+
+def cmd_whoami(jar, _args):
+    d = bili_nav(jar)
+    out({
+        "mid": d.get("mid"),
+        "name": d.get("uname"),
+        "url": f"https://space.bilibili.com/{d.get('mid')}",
+        "level": (d.get("level_info") or {}).get("current_level"),
+        "vip": (d.get("vipStatus") or d.get("vip", {}).get("status")),
+    })
+
+
+def _fmt(a: dict) -> dict:
+    st = a.get("stats") or {}
+    cvid = a.get("id")
+    return {
+        "id": str(cvid) if cvid is not None else None,
+        "title": a.get("title"),
+        "url": f"https://www.bilibili.com/read/cv{cvid}" if cvid else None,
+        "view": st.get("view"),
+        "like": st.get("like"),
+        "reply": st.get("reply"),
+        "favorite": st.get("favorite"),
+        "coin": st.get("coin"),
+        "publish_time": a.get("publish_time"),
+    }
+
+
+def cmd_articles(jar, args):
+    nav, img_key, sub_key = _wbi_keys(jar)
+    mid = (nav.get("data") or {}).get("mid")
+    if not mid:
+        die("could not resolve your mid from nav (cookie expired?).")
+    collected, pn = [], 1
+    while len(collected) < args.limit:
+        signed = _wbi_sign({"mid": mid, "pn": pn, "ps": 30, "sort": "publish_time"},
+                           img_key, sub_key)
+        url = f"{API}/x/space/wbi/article?" + urllib.parse.urlencode(signed)
+        # WBI endpoints penalize a Referer header — omit it.
+        d = get_json(url, jar)
+        if d.get("code") != 0:
+            die(f"article list error (code={d.get('code')}): {d.get('message')}")
+        data = d.get("data") or {}
+        items = data.get("articles") or []
+        if not items:
+            break
+        collected.extend(items)
+        total = data.get("count")
+        if total is not None and len(collected) >= total:
+            break
+        pn += 1
+    items = collected[: args.limit]
+    out({"count": len(items), "articles": [_fmt(a) for a in items]})
+
+
+def cmd_article(jar, args):
+    cvid = str(args.id).lstrip("cv")
+    d = get_json(f"{API}/x/article/viewinfo?id={cvid}", jar)
+    if d.get("code") != 0:
+        die(f"article {args.id} not found (code={d.get('code')}): {d.get('message')}")
+    data = d.get("data") or {}
+    st = data.get("stats") or {}
+    out({
+        "id": cvid,
+        "title": data.get("title"),
+        "url": f"https://www.bilibili.com/read/cv{cvid}",
+        "author": data.get("author_name"),
+        "view": st.get("view"), "like": st.get("like"), "reply": st.get("reply"),
+        "favorite": st.get("favorite"), "coin": st.get("coin"),
+    })
+
+
+# tid = cover layout; a wrong one returns code -17 / "分类". Try common ones.
+_TID_CANDIDATES = ["4", "3", "6", "7", "2", "17", "28", "41"]
+
+
+def cmd_publish(jar, args):
+    if not args.title:
+        die("--title is required")
+    if not args.content_file and args.content is None:
+        die("provide --content-file <path.html> or --content <html>")
+    content = args.content
+    if args.content_file:
+        try:
+            with open(args.content_file, encoding="utf-8") as f:
+                content = f.read()
+        except OSError as e:
+            die(f"cannot read --content-file: {e}")
+    content = content or ""
+    csrf = cookie_value(jar, "bili_jct")
+    if not csrf:
+        die("no bili_jct cookie (CSRF token) — reconnect Bilibili.")
+
+    if not CONFIRM:
+        out({
+            "dry_run": True, "command": "publish", "platform": "bilibili",
+            "title": args.title, "draft_only": args.draft_only,
+            "content_bytes": len(content),
+            "note": "Bilibili 专栏 content is HTML. Re-run with --confirm as the "
+                    "LAST argument to write. The submit step is often 412-limited; "
+                    "the saved draft is the reliable result.",
+        })
+        return
+
+    ref = "https://member.bilibili.com/"
+    base = {
+        "title": args.title, "content": content, "csrf": csrf,
+        "category": "0", "list_id": "0", "reprint": "0", "original": "1",
+        "media_id": "0", "spoiler": "0", "save": "0", "pgc_id": "0",
+    }
+    # 1. save draft, retrying tid until the category is accepted
+    aid, last = None, None
+    for tid in _TID_CANDIDATES:
+        body = dict(base, tid=tid)
+        status, text = request("POST", f"{API}/x/article/creative/draft/addupdate",
+                               jar, referer=ref, form=body)
+        try:
+            r = json.loads(text)
+        except json.JSONDecodeError:
+            last = f"non-JSON ({status}): {text[:200]}"
+            continue
+        if r.get("code") == 0:
+            aid = (r.get("data") or {}).get("aid")
+            chosen_tid = tid
+            break
+        last = f"code={r.get('code')} {r.get('message')}"
+        if "分类" not in str(r.get("message", "")) and r.get("code") != -17:
+            break  # a non-category error won't be fixed by another tid
+    if not aid:
+        die(f"save-draft failed: {last}")
+
+    if args.draft_only:
+        out({"ok": True, "draft_only": True, "aid": str(aid),
+             "edit_url": f"https://member.bilibili.com/article-text/home?aid={aid}"})
+        return
+
+    # 2. submit (publish) — may be 412 risk-controlled; report draft if so
+    body = dict(base, tid=chosen_tid, aid=aid)
+    status, text = request("POST", f"{API}/x/article/creative/article/submit",
+                           jar, referer=ref, form=body)
+    try:
+        r = json.loads(text)
+    except json.JSONDecodeError:
+        r = None
+    if r and r.get("code") == 0:
+        out({"ok": True, "published": True, "aid": str(aid),
+             "url": f"https://www.bilibili.com/read/cv{aid}"})
+    else:
+        out({"ok": False, "published": False, "draft_saved": True, "aid": str(aid),
+             "edit_url": f"https://member.bilibili.com/article-text/home?aid={aid}",
+             "note": f"submit blocked ({status}); the draft is saved — finish in the "
+                     f"web editor. Detail: {(r or {}).get('message') if r else text[:200]}"})
+
+
+COMMANDS = {
+    "whoami": cmd_whoami,
+    "articles": cmd_articles,
+    "article": cmd_article,
+    "publish": cmd_publish,
+}
+
+
+def main() -> None:
+    p = argparse.ArgumentParser(prog="bilibili.py", description="bilibili 专栏 cookie CLI")
+    sub = p.add_subparsers(dest="command", required=True)
+    sub.add_parser("whoami", help="show the logged-in account")
+    sp = sub.add_parser("articles", help="list the user's 专栏 articles + stats")
+    sp.add_argument("--limit", type=int, default=20)
+    sp = sub.add_parser("article", help="one article's stats (by cvid)")
+    sp.add_argument("id")
+    sp = sub.add_parser("publish", help="create/publish a 专栏 article (GATED by trailing --confirm)")
+    sp.add_argument("--title")
+    sp.add_argument("--content", help="HTML content inline")
+    sp.add_argument("--content-file", help="path to an HTML file")
+    sp.add_argument("--draft-only", action="store_true", help="save a draft; do NOT submit")
+    args = p.parse_args(ARGV)
+    jar = load_cookies()
+    COMMANDS[args.command](jar, args)
+
+
+if __name__ == "__main__":
+    main()

package/skills/csdn/SKILL.md

@@ -0,0 +1,85 @@
+---
+name: csdn
+description: Read and publish on CSDN (blog.csdn.net) with the user's own login cookies (BYOC) — list their published articles with view/like/comment stats, inspect one article, and publish a new article. Use when the user mentions CSDN, "我的 CSDN 文章", reading their article stats (阅读/点赞), or publishing/发文 to CSDN.
+when_to_use: |
+  Trigger for anything on the user's CSDN (blog.csdn.net) account driven by
+  their own login cookie: show who they are, list their published articles with
+  view / like / comment counts, look at one article's stats, or publish a new
+  article. This acts as the user's real account, so writes are gated behind an
+  explicit confirmation.
+connections: [csdn]
+allowed_tools: [Bash]
+license: Apache-2.0
+metadata:
+  author: acedatacloud
+  version: "1.0"
+---
+
+# csdn — read & publish on CSDN via your own cookies
+
+Drives the user's **real** CSDN account through the same web APIs the site's own
+editor uses, authenticated by the login cookie they captured with the ACE
+extension. No browser, no third-party deps — `urllib` + `hmac` (the editor's
+save endpoint requires an HMAC signature, computed with stdlib).
+
+The connector injects the cookie jar as an env var:
+
+- `CSDN_COOKIES` — a JSON array of cookies. **Secret — never echo or print it.**
+  The CLI reads it for you.
+
+> CSDN fronts its APIs with a WAF; the CLI already sends a full browser
+> fingerprint so reads aren't 403'd. If you still get a WAF 403, the cookie
+> expired — have the user reconnect.
+
+## CLI
+
+The skill ships [`scripts/csdn.py`](scripts/csdn.py) — self-contained, stdlib only.
+
+```sh
+CSDN=$SKILL_DIR/scripts/csdn.py
+python3 $CSDN whoami                       # who is logged in (+ total article count)
+python3 $CSDN articles --limit 20          # my published articles + stats
+python3 $CSDN article <article-id>         # one article's stats
+```
+
+Stats come straight from CSDN: `view_count` (阅读), `digg_count` (点赞),
+`comment_count` (评论), `collect_count` (收藏).
+
+## Verify the connection first
+
+```sh
+python3 $CSDN whoami
+# → {"username": "...", "nickname": "...", "articles_total": 1597}
+```
+
+On a WAF 403 / auth error the cookie is expired — tell the user to reconnect at
+<https://auth.acedata.cloud/user/connections>. Do **not** retry in a loop.
+
+## Publishing — GATED (dry-run unless trailing `--confirm`)
+
+`publish` writes to the user's real account. Content is **Markdown**. Without a
+trailing `--confirm` it dry-runs. `--confirm` is honored **only as the last
+argument**. Always show the dry-run, get an explicit "yes", then re-run with
+`--confirm` last.
+
+```sh
+python3 $CSDN publish --title "标题" --content-file a.md                      # dry-run
+python3 $CSDN publish --title "标题" --content-file a.md --draft-only --confirm  # private draft (status=2)
+python3 $CSDN publish --title "标题" --content-file a.md --tags "AI,Python" --confirm  # PUBLIC, goes live
+```
+
+- `--draft-only` saves a private draft (CSDN `status=2`) — safe, nothing public.
+- Without `--draft-only` the article is **published publicly** under the user's
+  name. Default to `--draft-only` unless the user clearly asked to go live.
+- `--tags` is a comma-separated list of article tags.
+
+## Gotchas — surface before the user is surprised
+
+- **This is the user's real CSDN account.** Confirm before any publish.
+- **Cookie expiry / WAF 403**: reconnect at auth.acedata.cloud/user/connections —
+  never loop-retry a WAF block.
+- The editor save endpoint is signed with an HMAC key baked into CSDN's web
+  bundle; if CSDN rotates it, publish fails loudly (reads still work).
+- **Never print `CSDN_COOKIES`** — it is full account access.
+- **ToS**: cookie automation acts only on the user's own account with their own
+  captured cookie; the user owns that risk.