
Kuaishou Genius Actual

by zhangpei03 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
199
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install kuaishou-genius-actual
Description
Use this skill whenever the user asks to analyze, verify, debug, reverse-engineer, or automate Kuaishou Genius "Budget/Forecast/Actual" page data flow (especially management-y...
README (SKILL.md)

Kuaishou Genius Actual API Skill

Overview

This skill helps an agent quickly move from Genius page operations to a reusable API call map and scripted verification for the management-yearly/actual workflow.

Use it when the goal is to identify core backend endpoints, validate request dependencies, and build repeatable checks for Genius Actual data retrieval.

Quick Start

  1. Ensure login/session is valid for genius.corp.kuaishou.com.
  2. Capture network around page reload and key filter actions.
  3. Focus on /budget-portal/api/* requests; ignore static assets and telemetry unless debugging auth/risk.
  4. Run script-based endpoint probe/client:
cd scripts
bash genius_api_probe.sh \
  --base-url "https://genius.corp.kuaishou.com" \
  --cookie "accessproxy_session=<YOUR_COOKIE>" \
  --year 2026

python3 genius_client.py \
  --cookie "accessproxy_session=<YOUR_COOKIE>" \
  workflow --year 2026
  5. Output a concise report with:
    • reachable endpoints
    • required params/payload hints
    • dependency order
    • known blockers/limitations

Supported Capabilities

  1. Core API extraction

    • Identify actual business endpoints used by management-yearly/actual.
  2. API map generation

    • Build endpoint catalog: method, path, purpose, required params/body.
  3. Workflow reconstruction

    • Reconstruct request order from page load to ledger detail fetch.
  4. Scripted probing

    • Use scripts/genius_api_probe.sh to quickly verify endpoint reachability and baseline responses.
  5. Troubleshooting focus

    • Distinguish business API failures from:
      • SSO/session expiration
      • fingerprint/risk controls
      • telemetry noise

API Map (Core Business)

Base domain:

  • https://genius.corp.kuaishou.com

Core endpoints observed in Actual flow:

  • GET /budget-portal/api/authority/user

    • Purpose: fetch user auth context.
  • GET /budget-portal/api/authority/org/tree

    • Purpose: org tree for selectors/permissions scope.
  • GET /budget-portal/api/horse-race-lamp/query?tabCode=management-yearly%2Factual

    • Purpose: tab-level notification/meta.
  • GET /budget-portal/api/description/act-latest-update-date

    • Purpose: latest actual update metadata.
  • GET /budget-portal/api/annual-actual/versions?year=<YEAR>

    • Purpose: available versions for selected year.
  • POST /budget-portal/api/actual-ledger/detail

    • Purpose: ledger detail dataset.
    • Notes: requires JSON body shaped by current filters.
  • POST /budget-portal/api/actual-ledger/products

    • Purpose: product/metric dimension data for current view.
    • Notes: requires JSON body shaped by current filters.

Non-core but commonly seen (usually ignore unless diagnosing):

  • log-sdk.ksapisrv.com/* telemetry
  • mobile-device-info.corp.kuaishou.com/* device/risk
  • h5-fingerprint.corp.kuaishou.com/* fingerprint

Workflow

1) Session check

  • Confirm not redirected to SSO login.
  • Verify accessproxy_session works for genius.corp.kuaishou.com.

2) Capture

  • Reload target page:
    • https://genius.corp.kuaishou.com/management-yearly/actual
  • Capture all XHR/fetch.

3) Filter to business APIs

  • Keep only /budget-portal/api/ requests.
  • Group by: authority → metadata → versions → ledger POSTs.

4) Rebuild minimal call chain

  • Start with GET chain (auth/org/version).
  • Then reproduce POST ledger calls with realistic payload.

5) Validate by script

  • Run genius_api_probe.sh with cookie + year.
  • Record HTTP code + brief body snippet.

6) Report

Always output:

  • API list (method/path/purpose)
  • call order
  • required parameters/body fields (known/unknown)
  • current blockers and next action

Script Usage

Script paths:

  • scripts/genius_api_probe.sh
  • scripts/genius_client.py

What they do:

  • genius_api_probe.sh: probes key GET APIs and sends placeholder POSTs for quick triage
  • genius_client.py: structured client for core APIs (single endpoint or full workflow), supports custom JSON payload files

Required inputs:

  • --base-url (default https://genius.corp.kuaishou.com)
  • --cookie (must include valid accessproxy_session=...)

Optional:

  • --year (default 2026)

Known Limitations

  1. SSO/session coupling

    • Without valid session cookie, requests fall back to SSO and API probing is invalid.
  2. Risk/fingerprint controls

    • Some environments may require device/fingerprint side requests; replay outside browser may fail.
  3. POST body incompleteness

    • actual-ledger/detail and actual-ledger/products need accurate business payload fields from live capture.
  4. Environment drift

    • static bundle versions and backend schema may change; always re-capture when results diverge.
  5. Permission scope

    • org tree and ledger visibility depend on account permissions; data differences are expected across users.
Usage Guidance
This skill appears to do what it says (probe internal Genius API endpoints) but has some important practical and security omissions to be aware of:

  • The skill requires a valid session cookie (accessproxy_session) but the package metadata does not declare this; expect to provide a sensitive cookie string on the command line. Only do this in a trusted environment and avoid reusing long-lived or highly-privileged browser session cookies.
  • The repository metadata also omits required binaries; the scripts assume bash, curl, and python3 are available. Verify those tools and run the code locally rather than giving your cookie to a remote system.
  • The python client supports --insecure which disables TLS verification. Do not use --insecure unless you understand the network risk (it can enable man-in-the-middle attacks).
  • The scripts print API responses (which may contain sensitive org or ledger data) to stdout. Treat output as potentially sensitive and avoid sharing it.

Before installing or running:

  1. Inspect the scripts yourself (you have them) and run them in an isolated environment.
  2. Prefer a low-privilege/test account or ephemeral session cookie if possible.
  3. Do not paste session cookies into third-party UIs; run locally.
  4. If you need metadata in the skill registry, ask the publisher to declare the cookie requirement and required binaries explicitly.

Given the above mismatches (sensitive cookie handling and undeclared binaries), proceed cautiously; the behavior is consistent with its stated purpose but the missing declarations and the need for sensitive credentials are why this is flagged as suspicious.
Capability Analysis
Type: OpenClaw Skill
Name: kuaishou-genius-actual
Version: 1.0.0

The skill bundle is a utility designed for automating and debugging data flows on the Kuaishou Genius internal portal (genius.corp.kuaishou.com). It contains a bash script (genius_api_probe.sh) and a Python client (genius_client.py) that perform standard GET and POST requests to internal endpoints using a user-provided session cookie. The code is transparent, lacks obfuscation, and shows no signs of data exfiltration to external domains or malicious intent; it functions strictly as an API interaction tool for the stated target domain.
Capability Assessment
Purpose & Capability
The skill name, description, SKILL.md, and included scripts all focus on mapping and probing the Kuaishou Genius 'management-yearly/actual' API flow; the requested actions (GET/POST probing, reconstructing payloads) are coherent with that purpose. There is no evidence the skill is trying to perform unrelated cloud or system administration tasks.
Instruction Scope
Runtime instructions explicitly tell the agent/operator to capture browser network traffic and to run the provided scripts with a valid session cookie. The instructions do not request reading unrelated files or exfiltrating data to third-party endpoints; they will, however, cause the agent/operator to expose potentially sensitive response bodies and session cookies to their local terminal. The SKILL.md expects the user/agent to supply a valid accessproxy_session cookie which is sensitive.
Install Mechanism
No install spec is provided (instruction-only with bundled scripts), so nothing is downloaded or installed automatically. The included shell and Python scripts are plain text and run locally — lower installation risk compared with remote installers.
Credentials
The package metadata declares no required environment variables or binaries, but the SKILL.md and scripts require: (1) a valid session cookie (accessproxy_session) to authenticate to genius.corp.kuaishou.com, and (2) local tools: bash, curl, python3. Requiring a session cookie is proportionate to the stated purpose, but the manifest omission (no declared primary credential or required env) is an incoherence and a security UX risk: users/agents may be prompted to paste sensitive cookies without the registry documenting that requirement. The python client also supports an --insecure flag (disables TLS verification), which is potentially dangerous if misused.
Persistence & Privilege
The skill is not always-enabled, does not request autonomous privilege escalation, and does not modify other skills or system-wide agent settings. It runs on demand and does not claim persistent presence.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install kuaishou-genius-actual
  3. After installation, invoke the skill by name or use /kuaishou-genius-actual
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: Genius API client and export workflow
Metadata
Slug kuaishou-genius-actual
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Kuaishou Genius Actual?

Use this skill whenever the user asks to analyze, verify, debug, reverse-engineer, or automate Kuaishou Genius "Budget/Forecast/Actual" page data flow (especially management-y... It is an AI Agent Skill for Claude Code / OpenClaw, with 199 downloads so far.

How do I install Kuaishou Genius Actual?

Run "/install kuaishou-genius-actual" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Kuaishou Genius Actual free?

Yes, Kuaishou Genius Actual is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Kuaishou Genius Actual support?

Kuaishou Genius Actual is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Kuaishou Genius Actual?

It is built and maintained by zhangpei03 (@zhangpei03); the current version is v1.0.0.
