medium
GitHub通过用户提供的登录Cookie,利用内部API读取Medium个人主页文章、查看互动数据及发布新故事。支持Markdown转译、图片自动上传及草稿/正式发布模式,需确认权限后操作。
Trigger Scenarios
Install
npx skills add NeverSight/learn-skills.dev --skill medium -g -y
SKILL.md
Frontmatter
{
"name": "medium",
"license": "Apache-2.0",
"metadata": {
"author": "acedatacloud",
"version": "1.0"
},
"connections": [
"medium"
],
"description": "Read and publish on Medium (medium.com) with the user's own login cookies (BYOC) — list their posts with clap\/response stats, inspect one post, and publish a new story. Use when the user mentions Medium, \"my Medium posts\", reading their post stats (claps\/reads), or publishing a story to Medium.",
"when_to_use": "Trigger for anything on the user's Medium (medium.com) account driven by their\nown login cookie: show who they are, list their posts with clap \/ response \/\nreading-time data, look at one post, or publish a new story. This acts as the\nuser's real account, so writes are gated behind an explicit confirmation.\n",
"allowed_tools": [
"Bash"
]
}
medium — read & publish on Medium via your own cookies
Drives the user's real Medium account through the same internal web API the
site uses (Medium retired its public write API in 2023), authenticated by the
login cookie they captured with the ACE extension. No browser, no third-party
deps — just urllib.
The connector injects the cookie jar as an env var:
MEDIUM_COOKIES— a JSON array of cookies (sid,uid,xsrf). Secret — never echo or print it. The CLI echoes thexsrfcookie as thex-xsrf-tokenheader on writes for you.
CLI
The skill ships scripts/medium.py — self-contained, stdlib only.
MED=$SKILL_DIR/scripts/medium.py
python3 $MED whoami # who is logged in
python3 $MED articles --limit 20 # my posts + clap/response stats
python3 $MED article <post-id> # one post's details
Verify the connection first
python3 $MED whoami
# → {"user_id": "...", "name": "...", "username": "..."}
On an auth error the cookie is expired — have the user reconnect at https://auth.acedata.cloud/user/connections. Do not loop-retry.
Publishing — GATED (dry-run unless trailing --confirm)
publish writes to the user's real account. Content is Markdown (converted
to Medium paragraph blocks: #→H1, ##→H2, >→quote, ```→code).
Without a trailing --confirm it dry-runs. --confirm is honored only as the
last argument. Always show the dry-run, get an explicit "yes", then re-run.
python3 $MED publish --title "Title" --content-file a.md # dry-run
python3 $MED publish --title "Title" --content-file a.md --draft-only --confirm # private draft
python3 $MED publish --title "Title" --content-file a.md --confirm # PUBLIC story
Publishing is Medium's multi-step editor flow (new-story → write deltas →
publish). --draft-only stops at the draft (visible only at the user's
/me/stories/drafts). Default to --draft-only unless the user asked to go live.
Images
publish automatically uploads each external markdown image () to
Medium and inserts it as a real image block — Medium has no markdown-image
syntax, so this is the only way images render. Pass --no-rehost-images to
degrade images to link-only paragraphs. An image that fails to upload falls back
to a link paragraph (never blocks the post).
Gotchas
- This is the user's real Medium account. Confirm before any publish.
- Markdown→Medium conversion is paragraph-level (headings, quotes, code, body); complex inline formatting / images aren't converted — the user can polish in the Medium editor before going public.
- Medium sits behind Cloudflare; an occasional 403/429 is transient — the CLI auto-retries once after a short pause. A persistent 403 means the cookie is genuinely expired (reconnect).
- Never print
MEDIUM_COOKIES— it is full account access. - ToS: acts only on the user's own account with their own captured cookie.
Version History
- e0220ca Current 2026-07-05 22:54


