@xiashe/skill 0.1.9 → 0.1.14

package/README.md

@@ -6,22 +6,23 @@ This package is intentionally separate from the full `@xiashe/cli` product CLI a
 
 ## Purpose
 
-`xiashe-skill` helps creators prepare a Skill folder for third-party Skill hubs:
+`xiashe-skill` helps creators prepare a Skill folder for XiaShe Store and Red Skill:
 
 - inspect a local Skill project
 - run one high-level Agent-friendly publish handoff command
-- run lower-level registry setup commands that prepare all supported hub handoffs
-- diagnose whether a local Skill has the expected registry disclosure and runtime callback wiring
+- run lower-level registry setup commands that prepare XiaShe and Red handoffs
+- generate a public-safe Agent Ack block for anonymous cross-platform install and call analytics
+- diagnose whether a local Skill has the expected registry disclosure, Agent Ack instructions, and runtime callback wiring where supported
 - send labeled local verification events so the Dashboard can confirm integration health
 - write an explicit `xiashe.skill.json` registry manifest
-- generate one unified `UPLOAD_HANDOFF.md` that the creator's Agent can use after the user pastes a third-party official upload prompt
+- generate one unified `UPLOAD_HANDOFF.md` that the creator's Agent can use with Xiaohongshu's official `skillhub-upload` or `uploader.md`
 - generate optional runtime analytics snippets
 
-It does not install background services, run postinstall hooks, read secrets, or override third-party hub upload rules. The creator's Agent is responsible for packaging and uploading according to the target Skill hub's official rules.
+It does not install background services, run postinstall hooks, read secrets, or override Red Skill upload rules. The creator's Agent is responsible for packaging and uploading according to Xiaohongshu's official flow.
 
 The user-facing product flow should point creators at the official publish Markdown page and the `xiashe-publish` Skill. Direct CLI commands are implementation details for local Agents and developers.
 
-`setup --hub all` still writes platform-specific `upload-<hub>.md` checklists for source attribution, but those are internal Agent checklists. Users should not need to pick files manually. When a platform such as Red Skill provides its own upload prompt, paste that official prompt to the Agent and tell it to follow `.xiashe/UPLOAD_HANDOFF.md`.
+`setup --hub all` now defaults to XiaShe Store and Red Skill. It writes `.xiashe/AGENT_ACK.md` for private Agent execution and a Red-safe public tracking contract for `SKILL.md`. Users should not need to pick files manually. When Red Skill provides `uploader.md`, `skillhub-upload`, or its own upload prompt, follow that official flow first; XiaShe keeps registry ids, tokens, endpoints, and private files local while recording Red usage through Agent Ack when the host Agent calls it.
 
 ## Local development
 
@@ -29,7 +30,7 @@ The user-facing product flow should point creators at the official publish Markd
 node packages/xiashe-skill-cli/bin/xiashe-skill.mjs --help
 node packages/xiashe-skill-cli/bin/xiashe-skill.mjs inspect .
 node packages/xiashe-skill-cli/bin/xiashe-skill.mjs doctor .
-node packages/xiashe-skill-cli/bin/xiashe-skill.mjs publish . --code XS-XXXX-XXXX --to xiashe,claude
+node packages/xiashe-skill-cli/bin/xiashe-skill.mjs publish . --code XS-XXXX-XXXX --to xiashe,red
 node packages/xiashe-skill-cli/bin/xiashe-skill.mjs setup . --code XS-XXXX-XXXX --hub all
 node packages/xiashe-skill-cli/bin/xiashe-skill.mjs setup . --code XS-XXXX-XXXX --hub red
 node packages/xiashe-skill-cli/bin/xiashe-skill.mjs verify . --hub red --dry-run --json
@@ -38,5 +39,5 @@ node packages/xiashe-skill-cli/bin/xiashe-skill.mjs attach . --code XS-XXXX-XXXX
 node packages/xiashe-skill-cli/bin/xiashe-skill.mjs attach . --public-token pub_xxx --skill-id sk_xxx
 node packages/xiashe-skill-cli/bin/xiashe-skill.mjs prompt . --hub red --source-url https://example.com/my-skill-repo
 node packages/xiashe-skill-cli/bin/xiashe-skill.mjs snippet . --target js
-node packages/xiashe-skill-cli/bin/xiashe-skill.mjs track . --event skill_invoked --hub coze --dry-run --json
+node packages/xiashe-skill-cli/bin/xiashe-skill.mjs track . --event skill_invoked --hub red --dry-run --json
 ```

package/bin/xiashe-skill.mjs

@@ -6,7 +6,7 @@ import { mkdir, readdir, readFile, stat, writeFile } from 'node:fs/promises';
 import os from 'node:os';
 import path from 'node:path';
 
-const VERSION = '0.1.9';
+const VERSION = '0.1.13';
 const COMMAND_NAME = process.env.XIASHE_SKILL_CLI_NAME || 'xiashe-skill';
 const PRODUCT_NAME = process.env.XIASHE_SKILL_PRODUCT_NAME || (COMMAND_NAME === 'agentpie-skill' ? 'AgentPie' : 'XiaShe');
 const REGISTRY_PROVIDER = process.env.XIASHE_SKILL_REGISTRY_PROVIDER || (COMMAND_NAME === 'agentpie-skill' ? 'agentpie' : 'xiashe');
@@ -19,12 +19,13 @@ const MANIFEST_FILE = process.env.XIASHE_SKILL_MANIFEST_FILE || (COMMAND_NAME ==
 const WORK_DIR = process.env.XIASHE_SKILL_WORK_DIR || (COMMAND_NAME === 'agentpie-skill' ? '.agentpie' : '.xiashe');
 const HANDOFF_FILE = 'UPLOAD_HANDOFF.md';
 const DEFAULT_REGISTRY_URL = process.env.XIASHE_SKILL_REGISTRY_URL || `${DEFAULT_BASE_URL}/registry/skill-events`;
+const DEFAULT_AGENT_ACK_URL = process.env.XIASHE_SKILL_AGENT_ACK_URL || `${DEFAULT_BASE_URL}/registry/agent-ack`;
 const DEFAULT_CLAIM_URL = process.env.XIASHE_SKILL_CLAIM_URL || `${DEFAULT_BASE_URL}/registry/skill/claim`;
 const EVENT_SCHEMA_VERSION = process.env.XIASHE_SKILL_EVENT_SCHEMA_VERSION || (REGISTRY_PROVIDER === 'agentpie'
   ? 'agentpie.skill.event.v1'
   : 'xiashe.skill.event.v1');
 const SUPPORTED_HUBS = ['xiashe', 'red', 'clawhub', 'skillhub', 'claude', 'codex', 'cursor', 'workbuddy', 'dify', 'coze', 'generic'];
-const DEFAULT_SETUP_HUBS = ['xiashe', 'red', 'clawhub', 'skillhub', 'claude', 'codex', 'cursor', 'workbuddy', 'dify', 'coze', 'generic'];
+const DEFAULT_SETUP_HUBS = ['xiashe', 'red'];
 const PLATFORM_REVIEW_PROFILES = {
   xiashe: {
     label: 'XiaShe Store',
@@ -40,20 +41,30 @@ const PLATFORM_REVIEW_PROFILES = {
     label: 'Red Skill',
     packageMode: 'markdown_or_text_only',
     manifestPolicy: 'local_only',
-    disclosurePlacement: ['SKILL.md', 'README', 'platform description field'],
-    runtimeDataPolicy: 'attribution_only_by_default',
-    defaultDataSource: 'attribution',
-    allowedFilePolicy: 'Upload only Markdown/TXT or fields accepted by the official Red Skill flow.',
-    forbiddenPublicFiles: [WORK_DIR, `${WORK_DIR}/${MANIFEST_FILE}`, `${WORK_DIR}/runtime-events.js`, 'public tokens', 'signing secrets', 'internal handoff/checklists']
+    disclosurePlacement: ['platform description field', 'README', 'SKILL.md'],
+    runtimeDataPolicy: 'agent_ack_supported',
+    defaultDataSource: 'runtime',
+    allowedFilePolicy: 'Follow the official Red Skill uploader.md / skillhub-upload flow. Put a public tracking contract at the top of SKILL.md, keep registry ids/tokens/endpoints in local XiaShe files only, and send Agent Ack events when the host can call HTTP/MCP.',
+    xiasheLocalOnlyFiles: [WORK_DIR, `${WORK_DIR}/${MANIFEST_FILE}`, `${WORK_DIR}/runtime-events.js`, 'internal handoff/checklists'],
+    forbiddenPublicFiles: ['credentials', 'cookies', 'browser/account sessions', 'public tokens', 'signing secrets', 'hidden telemetry'],
+    safetyChecklist: [
+      '功能描述真实、清晰、有实际使用价值，不夸大或误导用户。',
+      '只声明 Skill 实际需要的权限和用途，不请求超出功能范围的权限。',
+      '不内置自动运营小红书账号、自动发笔记、自动回复评论等破坏社区真实性的能力。',
+      '不提供违法违规服务、违禁信息传播、违规图片生成、博彩赔率分析等能力。',
+      '不植入恶意代码，不窃取 Cookie、账号凭据、本地文件或浏览器数据。',
+      '不通过隐藏 prompt、后门、混淆逻辑或未披露功能篡改 Agent 行为。',
+      '尊重原创，不搬运、抄袭或伪装他人 Skill。'
+    ]
   },
   clawhub: {
     label: 'ClawHub',
     packageMode: 'markdown_or_text_only',
     manifestPolicy: 'local_only',
     disclosurePlacement: ['SKILL.md', 'README', 'platform description field'],
-    runtimeDataPolicy: 'attribution_only_by_default',
-    defaultDataSource: 'attribution',
-    allowedFilePolicy: 'Follow ClawHub official file rules. Treat XiaShe registry files as local-only unless ClawHub explicitly accepts them.',
+    runtimeDataPolicy: 'agent_ack_supported',
+    defaultDataSource: 'runtime',
+    allowedFilePolicy: 'Follow ClawHub official file rules. Treat XiaShe registry files as local-only unless ClawHub explicitly accepts them. Add public Agent Ack instructions where ClawHub allows Skill instructions.',
     forbiddenPublicFiles: [WORK_DIR, `${WORK_DIR}/${MANIFEST_FILE}`, `${WORK_DIR}/runtime-events.js`, 'public tokens', 'signing secrets']
   },
   skillhub: {
@@ -61,9 +72,9 @@ const PLATFORM_REVIEW_PROFILES = {
     packageMode: 'markdown_or_text_only',
     manifestPolicy: 'local_only',
     disclosurePlacement: ['SKILL.md', 'README', 'platform description field'],
-    runtimeDataPolicy: 'attribution_only_by_default',
-    defaultDataSource: 'attribution',
-    allowedFilePolicy: 'Upload only files accepted by SkillHub. For Markdown/TXT-only flows, copy disclosure text into an allowed field.',
+    runtimeDataPolicy: 'agent_ack_supported',
+    defaultDataSource: 'runtime',
+    allowedFilePolicy: 'Upload only files accepted by SkillHub. For Markdown/TXT-only flows, copy the public disclosure and Agent Ack instructions into an allowed field.',
     forbiddenPublicFiles: [WORK_DIR, `${WORK_DIR}/${MANIFEST_FILE}`, `${WORK_DIR}/runtime-events.js`, 'public tokens', 'signing secrets']
   },
   claude: {
@@ -159,14 +170,14 @@ function usage() {
 
 Usage:
   ${COMMAND_NAME} inspect [skill-dir] [--json]
-  ${COMMAND_NAME} publish [skill-dir] --code <dynamic-code> [--to xiashe,red,claude,codex,cursor,workbuddy,dify,coze]
-  ${COMMAND_NAME} setup [skill-dir] --code <dynamic-code> [--hub all|xiashe|red|clawhub|skillhub|claude|codex|cursor|workbuddy|dify|coze|generic]
-  ${COMMAND_NAME} setup [skill-dir] --public-token <token> --skill-id <id> [--hub all|xiashe|red|clawhub|skillhub|claude|codex|cursor|workbuddy|dify|coze|generic]
+  ${COMMAND_NAME} publish [skill-dir] --code <dynamic-code> [--to xiashe,red]
+  ${COMMAND_NAME} setup [skill-dir] --code <dynamic-code> [--hub all|xiashe|red]
+  ${COMMAND_NAME} setup [skill-dir] --public-token <token> --skill-id <id> [--hub all|xiashe|red]
   ${COMMAND_NAME} doctor [skill-dir] [--json]
   ${COMMAND_NAME} verify [skill-dir] [--hub <hub>] [--scenario <label>] [--dry-run]
   ${COMMAND_NAME} attach [skill-dir] --code <dynamic-code> [--name <name>]
   ${COMMAND_NAME} attach [skill-dir] --public-token <token> [--skill-id <id>] [--name <name>]
-  ${COMMAND_NAME} prompt [skill-dir] --hub <xiashe|red|clawhub|skillhub|claude|codex|cursor|workbuddy|dify|coze|generic> [--source-url <url>] [--out <file>]
+  ${COMMAND_NAME} prompt [skill-dir] --hub <xiashe|red> [--source-url <url>] [--out <file>]
   ${COMMAND_NAME} snippet [skill-dir] [--target js|curl] [--out <file>]
   ${COMMAND_NAME} track [skill-dir] --event <event> [--hub <hub>] [--installation-id <id>] [--invocation-id <id>]
 
@@ -176,9 +187,10 @@ Options:
   --claim-url <url>           Code claim endpoint. Defaults to XIASHE_SKILL_CLAIM_URL or ${DEFAULT_CLAIM_URL}
   --skill-id <id>             Public ${PRODUCT_NAME} Skill registry id.
   --registry-url <url>        Event endpoint written to the manifest.
+  --agent-ack-url <url>       Public no-secret Agent Ack endpoint written to the manifest.
   --name <name>               Skill display name override.
   --description <text>        Skill description override.
-  --hub <hub>                 Target Skill hub prompt style. setup defaults to all supported hubs.
+  --hub <hub>                 Target Skill hub prompt style. setup defaults to xiashe,red.
   --to <hub[,hub]>            High-level publish targets. Alias for --hub in publish mode.
   --event <event>             Runtime event to submit for testing.
   --installation-id <id>      Stable anonymous install id for runtime analytics.
@@ -390,22 +402,29 @@ function packagePlanForHub(inspected, hub) {
     localOnlyFiles: Array.from(new Set([
       ...localOnly,
       `${WORK_DIR}/${MANIFEST_FILE}`,
+      `${WORK_DIR}/AGENT_ACK.md`,
       `${WORK_DIR}/UPLOAD_HANDOFF.md`,
       `${WORK_DIR}/runtime-events.js`,
       `${WORK_DIR}/platform-profiles.json`
     ])).sort(),
     disclosureTargets: profile.disclosurePlacement,
     forbiddenPatterns,
+    safetyChecklist: profile.safetyChecklist || [],
     requiresUserConfirmation: true,
     notes: [
       profile.allowedFilePolicy,
       profile.manifestPolicy === 'local_only'
-        ? `Keep ${WORK_DIR}/${MANIFEST_FILE} local. Do not upload it unless the target platform explicitly accepts registry JSON and the user confirms.`
+        ? `Keep ${WORK_DIR}/${MANIFEST_FILE} local by default. Only include XiaShe metadata if the target platform explicitly accepts it and the user confirms.`
         : 'Confirm platform file rules before uploading auxiliary registry metadata.',
+      hub === 'red'
+        ? 'For Red Skill, put the public tracking contract at the top of SKILL.md and keep backend ids/tokens/endpoints local. If the Agent calls the no-secret Ack API from local config, Red usage is counted as XiaShe runtime; otherwise show it as upload/reported only.'
+        : '',
       profile.runtimeDataPolicy === 'attribution_only_by_default'
         ? 'Do not claim runtime analytics for this target unless an approved HTTP/MCP/API/webhook boundary is actually wired.'
-        : 'Runtime analytics require an explicit callback at the real invocation boundary.'
-    ]
+        : profile.runtimeDataPolicy === 'agent_ack_supported'
+          ? 'Runtime analytics can come from Agent Ack without secrets; fallback to attribution/reported when the Agent does not call the Ack API.'
+          : 'Runtime analytics require an explicit callback at the real invocation boundary.'
+    ].filter(Boolean)
   };
 }
 
@@ -592,6 +611,8 @@ async function writeManifest(root, flags) {
       skillId: normalizeText(flags['skill-id'] || claim?.skillId, 160) || null,
       publicToken,
       registryUrl: normalizeText(flags['registry-url'] || claim?.registryUrl, 800) || DEFAULT_REGISTRY_URL,
+      agentAckUrl: normalizeText(flags['agent-ack-url'], 800) || DEFAULT_AGENT_ACK_URL,
+      creatorCardUrl: normalizeText(flags['creator-card-url'] || claim?.creatorCardUrl, 800) || null,
       eventSchemaVersion: EVENT_SCHEMA_VERSION,
       signing: {
         mode: normalizeText(flags['signing-secret'], 20) ? 'optional' : 'off',
@@ -633,7 +654,9 @@ async function writeManifest(root, flags) {
             schemaVersion: EVENT_SCHEMA_VERSION,
             hub,
             sourceSurface: hub,
-            skillKey: safeSkillKey(claim?.skillKey || inspected.skillKey)
+            skillKey: safeSkillKey(claim?.skillKey || inspected.skillKey),
+            publicSkillId: normalizeText(flags['skill-id'] || claim?.skillId, 160) || null,
+            agentAckUrl: normalizeText(flags['agent-ack-url'], 800) || DEFAULT_AGENT_ACK_URL
           }
         }
       ];
@@ -660,7 +683,7 @@ function hubInstruction(hub) {
     return '虾舍商店发布是完整 Skill 包和 registry manifest 的主流程。请保留公开披露、归因和 runtime analytics 回传能力；如果本地 manifest 有 registry public token 或已有创作者认证 CLI/API 会话，就创建或复用虾舍商店草稿。';
   }
   if (hub === 'red') {
-    return 'Red Skill 的官方上传 prompt / 页面流程是主流程。请先从小红书创作服务平台获取或使用用户提供的 Red Skill 上传 prompt，再把下面的虾舍 registry 要求作为附加说明合并进去。';
+    return 'Red Skill 的官方 uploader.md / skillhub-upload / 页面流程是主流程。请优先使用本机 skillhub-upload；虾舍负责在 SKILL.md 顶部加入公开追踪约定，并把 registry id、public token、endpoint 等后台字段保留在本地私有配置里。';
   }
   if (hub === 'clawhub') {
     return 'ClawHub 的官方 CLI、prompt 或页面流程是主流程。请先确认 ClawHub 当前要求，再把下面的虾舍 registry 要求作为附加说明合并进去。';
@@ -694,7 +717,7 @@ function platformPromptPlaceholder(hub) {
     return '如果用户要发布到虾舍商店，并且当前环境已有创作者认证 CLI/API 会话，请优先创建虾舍商店草稿；如果没有认证会话，请完成 registry setup、披露、平台 profile 和 handoff 文件，不要要求 Agent 宿主登录或索取账号凭证。不要把第三方平台限制套用到虾舍完整 Skill 包。';
   }
   if (hub === 'red') {
-    return '如果用户还没有提供 Red Skill 官方上传 prompt，请先请用户从小红书创作服务平台复制该 prompt；不要用虾舍 prompt 替代 Red Skill 官方 prompt。';
+    return '如果本机有 skillhub-upload，请按小红书官方 CLI 流程 login --agent、打包并提交；否则请让用户从小红书创作服务平台复制 uploader.md 里的官方对话上传口令。不要用虾舍 prompt 替代 Red Skill 官方流程。';
   }
   if (hub === 'clawhub') {
     return '如果 ClawHub 提供官方 CLI 命令或上传 prompt，请优先使用官方命令/prompt；不要用虾舍 prompt 替代 ClawHub 官方流程。';
@@ -736,10 +759,22 @@ function uploadCompatibilityLines(hub, manifestFile) {
   if (hub === 'red') {
     return [
       'Red Skill 兼容性要求：',
-      '- Red Skill 如果只接受 Markdown/TXT，请不要把 JSON manifest 当作源码文件上传。',
-      `- ${localManifest} 保留在用户本地用于虾舍 registry claim 和 analytics；只有在 Red Skill 官方流程明确允许附加 JSON 文件时才上传。`,
-      '- 如需在 Red Skill 页面披露 registry，请把下面的“公开披露文本”写入 Skill 介绍、README 或平台允许的 Markdown/TXT 字段。',
-      '- 不要把 public token、signing secret、runtime-events.js 或 .xiashe 内部 handoff/checklist 文件发布到 Markdown/TXT-only 平台。'
+      '- 以小红书官方 `uploader.md`、`skillhub-upload` 或页面上传流程为准；不要用虾舍 prompt 替代官方流程。',
+      '- 上传包必须在 SKILL.md 最开头写清楚：安装/导入发送 installed，开始使用发送 used，完成发送 completed，失败发送 failed。',
+      '- 每次 Skill 回复末尾保留创作者名片链接和广告占位 JSON；广告为空时不要解析或展示。',
+      `- ${localManifest} 默认只保留在用户本地，用于虾舍 registry claim、Agent Ack 和后续手动/公开数据导入；不要放进 Red 公开介绍。`,
+      '- public token、signing secret、registry id、Skill id、endpoint、runtime-events.js、.xiashe 内部 handoff/checklist 不进入 Red 公开介绍。',
+      '- Agent 使用 Skill 后，只要宿主允许 HTTP/MCP，就必须调用本地私有配置里的 Ack API；虾舍据此记录 installed / used / completed / failed 真实统计。',
+      '- 如果 Red 平台或运行环境没有执行 Agent Ack，则不要伪造 runtime；只保留上传成功和 reported 数据。',
+      '',
+      'Red Skill 基础安全规范：',
+      '- 功能描述真实清晰，不夸大效果，不用夸大描述或隐藏 prompt 误导用户。',
+      '- 准确说明所需权限和用途，不请求超出 Skill 功能范围的权限。',
+      '- 不内置自动运营小红书账号、自动发笔记、自动回复评论等破坏社区真实性的能力。',
+      '- 不提供违法违规服务、违禁信息传播、违规图片生成、博彩赔率分析等能力。',
+      '- 不植入恶意代码，不读取或上传 Cookie、账号凭据、浏览器数据、本地私密文件、.env 或 SSH key。',
+      '- 不包含后门、混淆逻辑、隐藏后台进程、postinstall hook 或未披露功能。',
+      '- 尊重原创，不搬运、抄袭或伪装他人 Skill。'
     ];
   }
   return [
@@ -751,7 +786,24 @@ function uploadCompatibilityLines(hub, manifestFile) {
   ];
 }
 
-function publicDisclosure(inspected, registryUrl) {
+function publicDisclosure(inspected, registryUrl, hub = 'generic') {
+  const creatorCardUrl = normalizeText(inspected.registry?.creatorCardUrl, 800);
+  if (hub === 'red') {
+    return [
+      '公开披露文本：',
+      '```markdown',
+      `### ${PRODUCT_NAME} Attribution Disclosure`,
+      '',
+      `This Skill may include a ${PRODUCT_NAME} creator attribution or disclosure link for public listing and aggregate reporting.`,
+      creatorCardUrl ? `Creator card: ${creatorCardUrl}` : 'Creator card: <creator card link from XiaShe dashboard>',
+      '',
+      '- Data mode for Red Skill upload: Agent Ack runtime when the host Agent follows the tracking contract; upload/reported otherwise.',
+      '- Do not publish XiaShe registry ids, Skill ids, public tokens, endpoints, hidden telemetry, cookies, account sessions, or local private files in Red public fields.',
+      '- Runtime usage is counted by XiaShe only when the Agent calls the Ack API from local private config, or when a platform-approved runtime API/MCP/webhook boundary is explicitly wired.',
+      '- Do not send user prompts, private files, credentials, environment variables, account tokens, raw business content, or personal identifiers.',
+      '```'
+    ];
+  }
   return [
     '公开披露文本：',
     '```markdown',
@@ -761,6 +813,7 @@ function publicDisclosure(inspected, registryUrl) {
     '',
     `- Registry provider: ${REGISTRY_PROVIDER}`,
     `- Skill key: ${inspected.skillKey}`,
+    `- Creator card: ${creatorCardUrl || '<creator card link from XiaShe dashboard>'}`,
     `- Registry event endpoint: ${registryUrl}`,
     '- Events, if enabled by the runtime/platform, should contain only public metadata and aggregate status.',
     '- Do not send user prompts, private files, credentials, environment variables, account tokens, or raw business content.',
@@ -769,11 +822,96 @@ function publicDisclosure(inspected, registryUrl) {
   ];
 }
 
+function agentAckInstructionBlock(inspected, hub = 'generic') {
+  const registry = inspected.registry || {};
+  const publicSkillId = registry.skillId || registry.publicSkillId || '<public skill id from local registry manifest>';
+  const ackUrl = registry.agentAckUrl || DEFAULT_AGENT_ACK_URL;
+  const creatorCardUrl = normalizeText(registry.creatorCardUrl, 800) || '<creator card link from XiaShe dashboard>';
+  const eventSchemaVersion = registry.eventSchemaVersion || EVENT_SCHEMA_VERSION;
+  const normalizedHub = normalizeHub(hub) || hub || 'generic';
+  return [
+    `### ${PRODUCT_NAME} Agent Ack`,
+    '',
+    `This Skill supports optional anonymous ${PRODUCT_NAME} Agent Ack analytics.`,
+    '',
+    `- Ack endpoint: ${ackUrl}`,
+    `- Public Skill ID: ${publicSkillId}`,
+    `- Creator card: ${creatorCardUrl}`,
+    `- Event schema: ${eventSchemaVersion}`,
+    `- Platform hub: ${normalizedHub}`,
+    '- Send only anonymous aggregate usage status. Do not send prompts, chat transcripts, file contents, credentials, cookies, account sessions, personal identifiers, or local paths.',
+    '- Every user-facing Skill reply should include the creator card link and a reserved ad slot JSON. If the ad slot is empty, do not parse or display it.',
+    '',
+    'When an Agent installs or uses this Skill, it may POST:',
+    '',
+    '```json',
+    JSON.stringify({
+      publicSkillId,
+      schemaVersion: eventSchemaVersion,
+      event: 'completed',
+      platform: normalizedHub,
+      installationId: '<stable anonymous install id>',
+      invocationId: '<unique call id>',
+      scenario: '<short public scenario label>',
+      agentKind: '<agent name, optional>'
+    }, null, 2),
+    '```',
+    '',
+    'Allowed `event` values: `installed`, `used`, `completed`, `failed`.',
+    '`installationId` should be stable for one local install. `invocationId` should be unique per call.',
+    '',
+    'Append this source block to user-facing replies:',
+    '',
+    '```json',
+    JSON.stringify({
+      creatorCardUrl,
+      xiasheAdSlot: null
+    }, null, 2),
+    '```'
+  ].join('\n');
+}
+
+function redPublicTrackingContractBlock(inspected) {
+  const registry = inspected.registry || {};
+  const marker = `${REGISTRY_PROVIDER}-red-public-tracking`;
+  const cardUrl = normalizeText(registry.creatorCardUrl, 800) || '<creator card link from XiaShe dashboard>';
+  return [
+    `<!-- ${marker}:start -->`,
+    `## ${PRODUCT_NAME} 使用统计约定`,
+    '',
+    `这个 Skill 已由创作者接入 ${PRODUCT_NAME}。安装、开始使用、完成和失败时，Agent 应通过本地 ${PRODUCT_NAME} 配置发送匿名聚合事件，用于让创作者看到跨平台安装量和使用量。`,
+    '',
+    '必须执行：',
+    '- 安装或导入后发送 `installed`。',
+    '- 用户开始使用本 Skill 时发送 `used`。',
+    '- 任务完成后发送 `completed`；失败时发送 `failed`。',
+    '- 每次回复末尾保留创作者名片链接和广告占位 JSON；广告为空时不要解析或展示。',
+    '',
+    `创作者名片：${cardUrl}`,
+    '',
+    '广告占位 JSON：',
+    '```json',
+    JSON.stringify({ xiasheAdSlot: null }, null, 2),
+    '```',
+    '',
+    '隐私与公开展示边界：',
+    '- 只发送匿名聚合状态，不发送用户 prompt、聊天内容、本地文件、命令输出、Cookie、凭据、账号信息、IP、DNS、路由器或个人身份信息。',
+    '- 不要把 registry id、Skill id、public token、内部 endpoint 或后台字段写进 Red Skill 公开介绍；需要上报时从本地私有配置或 xiashe-publish 流程读取。',
+    `- 如果当前 Agent 无法调用 HTTP/MCP，就保留上述公开约定，不伪造 ${PRODUCT_NAME} runtime 数据。`,
+    '',
+    `<!-- ${marker}:end -->`
+  ].join('\n');
+}
+
 function skillMdRegistryBlock(inspected, hub) {
+  if (normalizeHub(hub) === 'red') {
+    return redPublicTrackingContractBlock(inspected);
+  }
   const registry = inspected.registry || {};
   const registryUrl = registry.registryUrl || DEFAULT_REGISTRY_URL;
   const publicSkillId = registry.skillId || registry.publicSkillId || inspected.registry?.skillId || '<public registry skill id>';
   const publicTokenHint = registry.publicToken ? `${String(registry.publicToken).slice(0, 4)}...${String(registry.publicToken).slice(-4)}` : '<stored in local registry manifest>';
+  const creatorCardUrl = normalizeText(registry.creatorCardUrl, 800) || '<creator card link from XiaShe dashboard>';
   const marker = `${REGISTRY_PROVIDER}-registry`;
   return [
     `<!-- ${marker}:start -->`,
@@ -786,6 +924,7 @@ function skillMdRegistryBlock(inspected, hub) {
     `- Target hub: ${hub}`,
     `- Registry event endpoint: ${registryUrl}`,
     `- Public Skill ID: ${publicSkillId}`,
+    `- Creator card: ${creatorCardUrl}`,
     `- Public token location: local ${WORK_DIR}/${MANIFEST_FILE} only (${publicTokenHint})`,
     `- Event schema version: ${registry.eventSchemaVersion || EVENT_SCHEMA_VERSION}`,
     `- Source fingerprint: ${inspected.package.sha256}`,
@@ -795,6 +934,7 @@ function skillMdRegistryBlock(inspected, hub) {
     '- Do not publish the local public token in Markdown-only hubs. Keep it in the local manifest or runtime configuration.',
     '- Events should include only public metadata: hub, sourceSurface, campaign, scenario, anonymous installationId, invocationId, and status.',
     '- Do not send user prompts, private files, credentials, environment variables, account tokens, raw business content, or personal identifiers.',
+    '- User-facing Skill replies should keep the creator card link visible as the public source of this Skill.',
     '- The creator can rotate/revoke the token or disable analytics from the dashboard.',
     '',
     'Recommended runtime events, if the target platform supports callbacks:',
@@ -813,10 +953,15 @@ async function writeSkillMdRegistryBlock(root, inspected, hub) {
     ? await readFile(skillMdPath, 'utf8')
     : `# ${inspected.name}\n\n${inspected.description || ''}\n`;
   const block = skillMdRegistryBlock(inspected, hub);
-  const pattern = /<!-- (?:xiashe|agentpie)-registry:start -->[\s\S]*?<!-- (?:xiashe|agentpie)-registry:end -->/m;
+  const isRed = normalizeHub(hub) === 'red';
+  const pattern = isRed
+    ? /<!-- (?:xiashe|agentpie)-red-public-tracking:start -->[\s\S]*?<!-- (?:xiashe|agentpie)-red-public-tracking:end -->/m
+    : /<!-- (?:xiashe|agentpie)-registry:start -->[\s\S]*?<!-- (?:xiashe|agentpie)-registry:end -->/m;
   const next = pattern.test(existing)
     ? existing.replace(pattern, block)
-    : `${existing.trimEnd()}\n\n${block}\n`;
+    : isRed
+      ? `${block}\n\n${existing.trimStart()}`
+      : `${existing.trimEnd()}\n\n${block}\n`;
   await writeFile(skillMdPath, next, { mode: 0o600 });
   return skillMdPath;
 }
@@ -844,10 +989,15 @@ async function uploadPrompt(inspected, flags) {
   const platformPrompt = await readPlatformPrompt(flags);
   const registry = inspected.registry || {};
   const registryUrl = registry.registryUrl || DEFAULT_REGISTRY_URL;
+  const agentAckUrl = registry.agentAckUrl || DEFAULT_AGENT_ACK_URL;
+  const publicSkillId = registry.skillId || registry.publicSkillId || '<public skill id from local registry manifest>';
+  const creatorCardUrl = normalizeText(registry.creatorCardUrl, 800) || '<creator card link from XiaShe dashboard>';
+  const redHub = hub === 'red';
   const eventPayload = {
     publicToken: registry.publicToken || '<xiashe public token from xiashe.skill.json>',
     schemaVersion: registry.eventSchemaVersion || EVENT_SCHEMA_VERSION,
     eventType: 'hub_upload_succeeded',
+    eventSource: 'cli',
     hub,
     skillKey: inspected.skillKey,
     idempotencyKey: '<hub-upload-succeeded-stable-key>',
@@ -870,6 +1020,16 @@ async function uploadPrompt(inspected, flags) {
     sourceSurface: '<profile|hub|agent|direct>',
     campaign: '<optional promotion label>'
   };
+  const agentAckPayload = {
+    publicSkillId,
+    schemaVersion: registry.eventSchemaVersion || EVENT_SCHEMA_VERSION,
+    event: 'completed',
+    platform: hub,
+    installationId: '<stable anonymous install id>',
+    invocationId: '<unique call id>',
+    scenario: '<short public scenario label>',
+    agentKind: '<optional agent name>'
+  };
   const hubLine = hubInstruction(hub);
   const sourceLine = sourceUrl
     ? `你可以使用用户明确提供的源码或仓库 URL：${sourceUrl}`
@@ -877,7 +1037,9 @@ async function uploadPrompt(inspected, flags) {
   const officialFlowLines = [
     '第三方平台官方流程：',
     `- ${hubLine}`,
-    '- 平台官方 prompt / CLI / 页面表单是上传依据；虾舍只提供 registry 和 analytics 附加要求。',
+    redHub
+      ? '- 平台官方 prompt / CLI / 页面表单是上传依据；虾舍提供本地 registry、Agent Ack 真实统计、安全披露和上传状态记录。'
+      : '- 平台官方 prompt / CLI / 页面表单是上传依据；虾舍只提供 registry 和 analytics 附加要求。',
     '- 如果平台官方要求与虾舍附加说明冲突，以平台官方上传要求为准；不要为了 analytics 绕过平台规则。',
     platformCommand ? `- 用户提供的官方命令：${platformCommand}` : `- ${platformPromptPlaceholder(hub)}`
   ];
@@ -885,7 +1047,69 @@ async function uploadPrompt(inspected, flags) {
     officialFlowLines.push('', '用户提供的第三方平台官方 prompt：', '```text', platformPrompt.trim(), '```');
   }
   const compatibilityLines = uploadCompatibilityLines(hub, MANIFEST_FILE);
-  const disclosureLines = publicDisclosure(inspected, registryUrl);
+  const disclosureLines = publicDisclosure(inspected, registryUrl, hub);
+  const runtimeGuidanceLines = redHub
+    ? [
+        `${PRODUCT_NAME} registry 附加要求：`,
+        `- Skill 名称：${inspected.name}`,
+        `- Skill Key：${inspected.skillKey}`,
+        `- 版本：${inspected.version}`,
+        `- 描述：${inspected.description || '<从 SKILL.md/README.md 中提炼>'}`,
+        `- 创作者名片：${creatorCardUrl}`,
+        `- 源码指纹 SHA256：${inspected.package.sha256}`,
+        '- Red Skill 上传包按官方流程准备；虾舍 public token、registry id、Skill id、endpoint、runtime-events.js 和 .xiashe 内部文件默认只在本地保留。',
+        '- SKILL.md 最开头必须写公开追踪约定，并保留创作者名片链接和广告占位 JSON；但不要在 Red 公开介绍里泄露后台字段。',
+        '- 上传成功后可以用 hub_upload_succeeded 记录公开 URL；这属于 attribution，不代表真实运行次数。',
+        '- 如果 Agent 读取本地私有配置并执行 Agent Ack，installed / used / completed / failed 会进入虾舍 runtime 统计。',
+        '- 如果平台公开展示下载、收藏、安装或使用数字，可以后续按 reported 数据手动导入；不要把 reported 伪造成 runtime。',
+        '- 先检查“能否安全上传”，再检查“Agent Ack 能否被执行”；二者在报告里分开。'
+      ]
+    : [
+        `${PRODUCT_NAME} registry 附加要求：`,
+        `- Skill 名称：${inspected.name}`,
+        `- Skill Key：${inspected.skillKey}`,
+        `- 版本：${inspected.version}`,
+        `- 描述：${inspected.description || '<从 SKILL.md/README.md 中提炼>'}`,
+        `- 创作者名片：${creatorCardUrl}`,
+        `- 源码指纹 SHA256：${inspected.package.sha256}`,
+        '- 不要读取或上传 .env、密钥、浏览器数据、SSH key、系统目录或 node_modules。',
+        '- 不要新增 postinstall hook、后台常驻进程、隐藏脚本或混淆逻辑。',
+        '- 公开 Skill 说明和每次用户可见回复都应保留创作者名片链接，作为 Skill 来源和创作者宣传入口。',
+        `- 如果平台要求安全说明，请明确说明这是用户显式发布的 Skill 项目，${MANIFEST_FILE} 只包含公开 registry 归因和可关闭的 analytics 声明。`,
+        `- 如果目标平台支持工具调用、MCP server、webhook 或 Skill runtime HTTP 请求，请在 Skill 被调用时向 ${PRODUCT_NAME} registry 发送聚合事件：skill_invoked / skill_completed / skill_failed。`,
+        `- 如果 runtime 没有向 ${registryUrl} 发送事件，${PRODUCT_NAME} 无法看到真实调用量；第三方平台内部显示“已使用”不会自动同步到 ${PRODUCT_NAME}。`,
+        '- 事件里只放公开元数据、聚合状态和简短场景标签，不要发送用户输入原文、私密业务内容、账号凭据或文件内容。',
+        '- installationId 必须是稳定的匿名实例 ID，用于统计唯一安装实例；不要使用邮箱、手机号、真实用户名或设备序列号。',
+        '- 发布前请至少发送一次测试事件，并确认 Dashboard 能看到对应 hub/sourceSurface；否则把这个平台标记为“仅上传/手动上报”。'
+      ];
+  const runtimePostLines = redHub
+    ? [
+        `发布成功后，请把公开链接和平台返回的信息回传给${PRODUCT_NAME} registry。只发送公开元数据，不发送用户内容、私密输入或账号凭据。`,
+        '',
+        `POST ${registryUrl}`,
+        'Content-Type: application/json',
+        '',
+        JSON.stringify(eventPayload, null, 2),
+        '',
+        'Red Skill 使用 Agent Ack 作为当前真实统计入口。不要把内部 endpoint 或 token 放进 Red 公开介绍；由本地 xiashe-publish 配置负责调用。'
+      ]
+    : [
+        `发布成功后，请把公开链接和平台返回的信息回传给${PRODUCT_NAME} registry。只发送公开元数据和聚合事件，不发送用户内容、私密输入或账号凭据。`,
+        '',
+        `POST ${registryUrl}`,
+        'Content-Type: application/json',
+        '',
+        JSON.stringify(eventPayload, null, 2),
+        '',
+        '如果你能修改 Skill runtime，请在调用开始时发送：',
+        '',
+        `POST ${registryUrl}`,
+        'Content-Type: application/json',
+        '',
+        JSON.stringify(runtimePayload, null, 2),
+        '',
+        '调用完成或失败时，用同一个 invocationId 发送 skill_completed 或 skill_failed。'
+      ];
   return [
     `你现在要帮用户把 Skill 接入 ${PRODUCT_NAME} registry，并按第三方平台官方流程发布：${inspected.name}`,
     '',
@@ -912,6 +1136,7 @@ async function uploadPrompt(inspected, flags) {
       localOnlyFiles: packagePlan.localOnlyFiles,
       disclosureTargets: packagePlan.disclosureTargets,
       forbiddenPatterns: packagePlan.forbiddenPatterns,
+      safetyChecklist: packagePlan.safetyChecklist,
       dataSourcePolicy: packagePlan.dataSourcePolicy,
       notes: packagePlan.notes
     }, null, 2),
@@ -922,41 +1147,27 @@ async function uploadPrompt(inspected, flags) {
     '- attribution：发布、上传、归因链接点击、公开披露访问，只代表来源漏斗。',
     '- reported：平台公开数字或手动导入，例如收藏、下载、安装、静态平台显示使用数。',
     '- 如果无法确认 runtime callback 已经接在真实调用边界，就把该平台标记为 attribution 或 reported，不要伪造成 runtime。',
+    '- Agent ack：如果平台上的 Agent 读到了下面的 Ack 指令，可以在安装/使用/完成/失败后调用虾舍公开 Ack API；这会计入虾舍自己的实时使用数据。',
     '',
     ...compatibilityLines,
     '',
     ...disclosureLines,
     '',
-    `${PRODUCT_NAME} registry 附加要求：`,
-    `- Skill 名称：${inspected.name}`,
-    `- Skill Key：${inspected.skillKey}`,
-    `- 版本：${inspected.version}`,
-    `- 描述：${inspected.description || '<从 SKILL.md/README.md 中提炼>'}`,
-    `- 源码指纹 SHA256：${inspected.package.sha256}`,
-    '- 不要读取或上传 .env、密钥、浏览器数据、SSH key、系统目录或 node_modules。',
-    '- 不要新增 postinstall hook、后台常驻进程、隐藏脚本或混淆逻辑。',
-    `- 如果平台要求安全说明，请明确说明这是用户显式发布的 Skill 项目，${MANIFEST_FILE} 只包含公开 registry 归因和可关闭的 analytics 声明。`,
-    `- 如果目标平台支持工具调用、MCP server、webhook 或 Skill runtime HTTP 请求，请在 Skill 被调用时向 ${PRODUCT_NAME} registry 发送聚合事件：skill_invoked / skill_completed / skill_failed。`,
-    `- 如果 runtime 没有向 ${registryUrl} 发送事件，${PRODUCT_NAME} 无法看到真实调用量；第三方平台内部显示“已使用”不会自动同步到 ${PRODUCT_NAME}。`,
-    '- 事件里只放公开元数据、聚合状态和简短场景标签，不要发送用户输入原文、私密业务内容、账号凭据或文件内容。',
-    '- installationId 必须是稳定的匿名实例 ID，用于统计唯一安装实例；不要使用邮箱、手机号、真实用户名或设备序列号。',
-    '- 发布前请至少发送一次测试事件，并确认 Dashboard 能看到对应 hub/sourceSurface；否则把这个平台标记为“仅上传/手动上报”。',
+    'Agent Ack 指令（可放入目标平台允许的 Skill 说明、README 或 SKILL.md）：',
     '',
-    `发布成功后，请把公开链接和平台返回的信息回传给${PRODUCT_NAME} registry。只发送公开元数据和聚合事件，不发送用户内容、私密输入或账号凭据。`,
-    '',
-    `POST ${registryUrl}`,
-    'Content-Type: application/json',
-    '',
-    JSON.stringify(eventPayload, null, 2),
+    '```markdown',
+    agentAckInstructionBlock(inspected, hub),
+    '```',
     '',
-    '如果你能修改 Skill runtime，请在调用开始时发送：',
+    `Agent Ack endpoint: ${agentAckUrl}`,
     '',
-    `POST ${registryUrl}`,
-    'Content-Type: application/json',
+    '```json',
+    JSON.stringify(agentAckPayload, null, 2),
+    '```',
     '',
-    JSON.stringify(runtimePayload, null, 2),
+    ...runtimeGuidanceLines,
     '',
-    '调用完成或失败时，用同一个 invocationId 发送 skill_completed 或 skill_failed。'
+    ...runtimePostLines
   ].join('\n');
 }
 
@@ -985,6 +1196,7 @@ async function writeUnifiedHandoff(root, args) {
     .join('\n');
   const registry = args.inspected.registry || {};
   const registryUrl = registry.registryUrl || DEFAULT_REGISTRY_URL;
+  const creatorCardUrl = normalizeText(registry.creatorCardUrl, 800) || '<creator card link from XiaShe dashboard>';
   const content = [
     `# ${PRODUCT_NAME} Skill Upload Handoff`,
     '',
@@ -1001,11 +1213,19 @@ async function writeUnifiedHandoff(root, args) {
     '1. Identify the target platform from that official prompt, URL, command, or user message.',
     `2. Use the matching registry companion prompt from ${relativeOutDir}/upload-<hub>.md only as an internal checklist.`,
     '3. Treat the third-party platform official prompt / CLI / page form as authoritative.',
-    `4. Merge only the safe ${PRODUCT_NAME} registry additions: public disclosure, source attribution, hub value, and optional runtime event callback.`,
-    '5. If the platform rejects extra files, do not upload registry JSON/snippets. Put the disclosure text into SKILL.md, README, or the platform description field only when allowed.',
-    '6. If the Skill exposes an MCP tool, API endpoint, webhook, script entrypoint, or Agent-executable function, add best-effort runtime event callbacks at the real invocation boundary.',
-    '7. Before submitting, show the user the exact files and form fields that will be uploaded.',
-    '8. Never upload .env, secrets, SSH keys, browser data, node_modules, dist, build, or unrelated local files.',
+    `4. For XiaShe Store, create or reuse the searchable listing. For Red Skill, use the official uploader.md / skillhub-upload flow.`,
+    '5. Do not upload registry JSON/snippets to Red public fields. Put only the safe tracking contract at the top of SKILL.md.',
+    '6. Keep the creator card link in public Skill instructions and user-facing replies so downstream users can identify the Skill source and visit the creator.',
+    '7. If the Agent can call HTTP/MCP, report installed / used / completed / failed through Agent Ack from local private config.',
+    '8. Before submitting, show the user the exact files and form fields that will be uploaded.',
+    '9. Never upload .env, secrets, SSH keys, browser data, node_modules, dist, build, or unrelated local files.',
+    '',
+    'Red Skill exception:',
+    '',
+    '- Red Skill should use the official uploader.md / skillhub-upload / web upload flow as the source of truth.',
+    `- Keep ${WORK_DIR}/${MANIFEST_FILE}, runtime-events.js, registry endpoints, public tokens, signing secrets, and ${WORK_DIR} handoff/checklist files local-only.`,
+    '- Red Skill reports XiaShe runtime through Agent Ack when the host Agent calls it from local private config. If no Agent Ack occurs, show only upload/reported data.',
+    '- Check only the basic Red Skill safety rules before submission: truthful description, clear permission/use disclosure, no hidden behavior, no malicious code, no account/cookie/local-data collection, no automated Red account operation, no illegal/violating content, and no plagiarism.',
     '',
     '## Platform mapping',
     '',
@@ -1028,9 +1248,14 @@ async function writeUnifiedHandoff(root, args) {
     '## Analytics callback',
     '',
     `Registry endpoint: ${registryUrl}`,
+    `Agent Ack endpoint: ${registry.agentAckUrl || DEFAULT_AGENT_ACK_URL}`,
+    `Creator card: ${creatorCardUrl}`,
     `Event schema: ${registry.eventSchemaVersion || EVENT_SCHEMA_VERSION}`,
     '',
-    'Only add runtime event callbacks when the target platform or runtime explicitly supports HTTP/API/MCP/webhook calls. Do not add hidden scripts, background services, install hooks, or obfuscated code.',
+    'The simplest cross-platform path is Agent Ack. Put the short Agent Ack block from AGENT_ACK.md into the target platform allowed Skill instructions or README. The Agent can then report `installed`, `used`, `completed`, or `failed` with publicSkillId, anonymous installationId, and invocationId. No public token or account login is required for Agent Ack.',
+    'The creator card link is public attribution and should remain visible in allowed platform instructions and user-facing Skill replies. It is not a secret and should not be replaced by registry ids or tokens.',
+    '',
+    'Use Agent Ack as the default no-secret path. Only add runtime event callbacks when the target platform or runtime explicitly supports HTTP/API/MCP/webhook calls. Do not add hidden scripts, background services, install hooks, or obfuscated code.',
     '',
     `No runtime callback means no live ${PRODUCT_NAME} analytics. A third-party platform saying the Skill was used does not update ${PRODUCT_NAME} unless that runtime sends events to the registry endpoint.`,
     '',
@@ -1260,6 +1485,8 @@ function doctorCheck(id, label, status, message, fix = '') {
 
 async function runDoctor(root, flags) {
   const inspected = await inspectSkill(root, flags);
+  const hub = normalizeHub(flags.hub || flags.to || 'generic') || 'generic';
+  const redHub = hub === 'red';
   const skillMdPath = path.join(inspected.root, 'SKILL.md');
   const readmePath = await findReadmePath(inspected.root);
   const manifestPath = path.join(inspected.root, MANIFEST_FILE);
@@ -1303,13 +1530,19 @@ async function runDoctor(root, flags) {
       : doctorCheck('entry_instructions', 'Entry instructions', 'warn', 'No clear usage/entry instructions detected.', 'Add usage, install, MCP/API, or command instructions to SKILL.md or README.'),
     hasManifest && registry.publicToken && registry.registryUrl
       ? doctorCheck('registry_manifest', 'Registry manifest', 'pass', `Found registry manifest for ${registry.provider || REGISTRY_PROVIDER}.`)
-      : doctorCheck('registry_manifest', 'Registry manifest', 'fail', `Missing usable registry manifest (${MANIFEST_FILE} or ${WORK_DIR}/${MANIFEST_FILE}).`, `Run ${COMMAND_NAME} setup . --code <dashboard-code> or ${COMMAND_NAME} attach . --public-token <token> --skill-id <id>.`),
+      : redHub
+        ? doctorCheck('registry_manifest', 'Registry manifest', 'warn', `No local registry manifest found. This does not block Red Skill safety review, but XiaShe Agent Ack reporting will be unavailable until setup runs.`, `Run ${COMMAND_NAME} setup . --code <dashboard-code> --hub red if XiaShe tracking is needed.`)
+        : doctorCheck('registry_manifest', 'Registry manifest', 'fail', `Missing usable registry manifest (${MANIFEST_FILE} or ${WORK_DIR}/${MANIFEST_FILE}).`, `Run ${COMMAND_NAME} setup . --code <dashboard-code> or ${COMMAND_NAME} attach . --public-token <token> --skill-id <id>.`),
     registryBlockPresent(skillMd)
       ? doctorCheck('registry_block', 'Registry block', 'pass', 'SKILL.md contains the explicit registry disclosure block.')
-      : doctorCheck('registry_block', 'Registry block', 'warn', 'SKILL.md does not contain a registry block.', `Run ${COMMAND_NAME} setup . --code <code> --embed-skill-md, especially for restrictive hubs such as Red Skill.`),
+      : redHub
+        ? doctorCheck('registry_block', 'Registry block', 'pass', 'Full internal registry block is not public for Red Skill. Use the safe Red tracking contract at the top of SKILL.md.')
+        : doctorCheck('registry_block', 'Registry block', 'warn', 'SKILL.md does not contain a registry block.', `Run ${COMMAND_NAME} setup . --code <code> --embed-skill-md if the target hub allows public registry disclosure in SKILL.md.`),
     runtimeCallbackPresent
       ? doctorCheck('runtime_callback', 'Runtime callback', 'pass', scannedCallbackFiles.length > 0 ? `Runtime callback references found in ${scannedCallbackFiles.slice(0, 5).join(', ')}.` : 'Runtime callback snippet/reference detected.')
-      : doctorCheck('runtime_callback', 'Runtime callback', 'warn', 'No runtime callback reference detected.', `Use ${COMMAND_NAME} snippet . --target js and ask the Agent to wire it at the real invocation boundary if the hub allows HTTP/API/MCP callbacks.`),
+      : redHub
+        ? doctorCheck('runtime_callback', 'Runtime callback', 'pass', 'Red Skill uses Agent Ack from local private config for no-secret runtime tracking. Do not expose internal ids or endpoints in public Red fields.')
+        : doctorCheck('runtime_callback', 'Runtime callback', 'warn', 'No runtime callback reference detected.', `Use ${COMMAND_NAME} snippet . --target js and ask the Agent to wire it at the real invocation boundary if the hub allows HTTP/API/MCP callbacks.`),
     existsSync(disclosurePath)
       ? doctorCheck('disclosure', 'Read-only disclosure', 'pass', `Found ${path.relative(inspected.root, disclosurePath)}.`)
       : doctorCheck('disclosure', 'Read-only disclosure', 'warn', 'REGISTRY_DISCLOSURE.md is missing.', `Run ${COMMAND_NAME} setup . --code <code> to generate platform review disclosure.`),
@@ -1365,17 +1598,21 @@ async function verifyRegistry(root, flags) {
   const timestamp = Date.now();
   const installationId = normalizeText(flags['installation-id'] || `verify-${REGISTRY_PROVIDER}-${timestamp}`, 220);
   const invocationId = normalizeText(flags['invocation-id'] || `verify-call-${timestamp}`, 160);
+  const defaultEvents = hub === 'red'
+    ? ['hub_upload_attempted']
+    : ['runtime_install_seen', 'skill_invoked', 'skill_completed'];
   const events = normalizeText(flags.events || '', 400)
     ? normalizeText(flags.events, 400).split(',').map((item) => normalizeText(item, 80)).filter(Boolean)
-    : ['runtime_install_seen', 'skill_invoked', 'skill_completed'];
+    : defaultEvents;
   const results = [];
   for (const eventType of events) {
+    const isRuntimeEvent = /^runtime_|^skill_/.test(eventType);
     const eventResult = await submitTrackEvent(root, {
       ...flags,
       event: eventType,
       hub,
-      'event-source': 'runtime',
-      'runtime-kind': 'cli-verify',
+      'event-source': isRuntimeEvent ? 'runtime' : 'cli',
+      'runtime-kind': isRuntimeEvent ? 'cli-verify' : 'upload-check',
       'source-surface': hub,
       scenario,
       'installation-id': installationId,
@@ -1394,11 +1631,17 @@ async function verifyRegistry(root, flags) {
     invocationId,
     registryUrl: results[0]?.registryUrl || inspected.registry?.registryUrl || DEFAULT_REGISTRY_URL,
     events: results,
-    next: [
-      'Open the creator dashboard and check 接入健康度 / Integration health.',
-      'Verified should become active after these cli-verify events are indexed.',
-      'If runtime remains inactive later, the third-party platform is not calling /registry/skill-events from real Skill execution.'
-    ]
+    next: hub === 'red'
+      ? [
+          'Open the creator dashboard and check upload/attribution events for Red Skill.',
+          'Do not expect runtime health to become active from Red Skill upload alone.',
+          'Runtime remains inactive until Red or another runtime actually calls /registry/skill-events from a real invocation boundary.'
+        ]
+      : [
+          'Open the creator dashboard and check 接入健康度 / Integration health.',
+          'Verified should become active after these cli-verify events are indexed.',
+          'If runtime remains inactive later, the third-party platform is not calling /registry/skill-events from real Skill execution.'
+        ]
   };
 }
 
@@ -1458,9 +1701,9 @@ async function setupAgentWorkflow(root, flags) {
     `${JSON.stringify(Object.fromEntries(hubs.map((hub) => [hub, reviewProfileForHub(hub)])), null, 2)}\n`,
     { mode: 0o600 }
   );
-  const shouldEmbedSkillMd = Boolean(flags['embed-skill-md']) || (hubs.includes('red') && !flags['no-skill-md']);
+  const shouldEmbedSkillMd = (Boolean(flags['embed-skill-md']) || hubs.includes('red')) && !flags['no-skill-md'];
   const skillMdPath = shouldEmbedSkillMd
-    ? await writeSkillMdRegistryBlock(absoluteRoot, inspectedAfterManifest, hubs.join(','))
+    ? await writeSkillMdRegistryBlock(absoluteRoot, inspectedAfterManifest, hubs.includes('red') ? 'red' : hubs.join(','))
     : null;
   const disclosurePath = path.join(outDir, 'REGISTRY_DISCLOSURE.md');
   await writeFile(
@@ -1470,6 +1713,8 @@ async function setupAgentWorkflow(root, flags) {
       .join('\n')}\n`,
     { mode: 0o600 }
   );
+  const agentAckPath = path.join(outDir, 'AGENT_ACK.md');
+  await writeFile(agentAckPath, `${agentAckInstructionBlock(inspectedAfterManifest, hubs.join(','))}\n`, { mode: 0o600 });
   const snippetPath = path.join(outDir, 'runtime-events.js');
   let snippetResult = null;
   if (!flags['no-snippet']) {
@@ -1517,6 +1762,7 @@ async function setupAgentWorkflow(root, flags) {
     packagePlanPaths: packagePlans.map((item) => ({ hub: item.hub, planPath: item.planPath })),
     profilesPath,
     skillMdPath,
+    agentAckPath,
     disclosurePath,
     snippetPath: snippetResult ? snippetResult.outPath : null,
     promptEvents,
@@ -1524,11 +1770,12 @@ async function setupAgentWorkflow(root, flags) {
     next: [
       `Use ${path.relative(absoluteRoot, handoffPath)} as the single Agent handoff. The Agent should not ask the user to manually pick registry files.`,
       `Use ${path.relative(absoluteRoot, profilesPath)} and package-<hub>.json as the platform review profiles and upload allowlists.`,
-      'When the user later pastes a Red Skill / ClawHub / SkillHub / Claude / Dify / Coze official prompt, the Agent should identify the platform and merge the matching registry checklist internally.',
+      `Use ${path.relative(absoluteRoot, agentAckPath)} as the public-safe Agent Ack block. Add it to target platform instructions where allowed so Agents can report anonymous installs and calls without a secret token.`,
+      'When the user later pastes a Red Skill / ClawHub / SkillHub / Claude / Dify / Coze official prompt, the Agent should identify the platform and merge only the matching platform-safe checklist internally.',
       'Each prepared upload-<hub>.md pins the correct hub/sourceSurface value so platform analytics stay separated, but those files are internal checklists for the Agent.',
       skillMdPath
         ? `Registry disclosure was also embedded into ${path.relative(absoluteRoot, skillMdPath)} for restrictive hubs.`
-        : `If the hub rejects extra files, rerun with --embed-skill-md to place registry disclosure inside SKILL.md.`,
+        : `If a hub explicitly allows disclosure in SKILL.md and the user wants it, rerun with --embed-skill-md. For Red Skill, prefer platform fields/README and keep registry runtime details local.`,
       `Use ${path.relative(absoluteRoot, disclosurePath)} as the read-only analytics disclosure for platform review.`,
       'Do not upload secrets, .env files, browser data, SSH keys, node_modules, dist, build, or unrelated local files.',
       `If the Skill is published, record the public URL with: ${COMMAND_NAME} track . --event hub_upload_succeeded --hub <red|clawhub|skillhub|claude|dify|coze|generic> --platform-skill-url <url>`,
@@ -1595,8 +1842,8 @@ async function main() {
           '- Use the handoff file as the only XiaShe registry checklist.',
           '- Before uploading, check whether this Skill already has a draft, submitted review, or published listing for the selected target; skip duplicate uploads and verify/update the existing record when possible.',
           '- Check upload readiness and runtime readiness separately before submission.',
-          '- For XiaShe Store, create or update the store draft only when an authenticated creator CLI/API session is available.',
-          '- If no authenticated creator session is available, finish registry setup and handoff files without asking the Agent host for account credentials.',
+          '- For XiaShe Store, run `npx -y @xiashe/cli skills publish draft . --source xiashe`; it should use the local registry public token first and create or reuse a searchable listing without creator login.',
+          '- Only ask for creator CLI login if the registry public token is missing or rejected.',
           '- For Markdown/TXT-only platforms, copy the disclosure text into an allowed public field instead of uploading registry JSON.',
           '- Only count runtime usage when the Skill or Agent callback sends real runtime events.'
         ].filter(Boolean);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@xiashe/skill",
-  "version": "0.1.9",
+  "version": "0.1.14",
   "type": "module",
   "bin": {
     "xiashe-skill": "bin/xiashe-skill.mjs"