MaybeAI Upload Audit

v1.0.0

Upload and audit product media on MaybeAI: upload files, run analysis and audits, generate HTML report, and share results via trycloudflare tunnel.

⭐ 0· 70·0 current·0 all-time

by@ojbkxiongdei

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for ojbkxiongdei/maibei-upload-audit.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "MaybeAI Upload Audit" (ojbkxiongdei/maibei-upload-audit) from ClawHub.
Skill page: https://clawhub.ai/ojbkxiongdei/maibei-upload-audit
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install maibei-upload-audit

ClawHub CLI

Package manager switcher

npx clawhub@latest install maibei-upload-audit

Security Scan

Capability signals

Requires OAuth token

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

high confidence

✓

Purpose & Capability

Name/description match the code: the scripts implement uploading to MaybeAI endpoints, invoking MaybeAI workflows, generating a self‑contained HTML report, and sharing it via a trycloudflare/cloudflared tunnel. There are no unrelated service credentials requested.

✓

Instruction Scope

SKILL.md and scripts stick to the declared pipeline: they use a bearer token + user-id to call MaybeAI and play-be.omnimcp.ai workflow endpoints, upload files, generate reports, and create a public URL. The instructions do not try to read unrelated system files or leak data to unexpected third parties beyond the sharing step.

Install Mechanism

There is no install spec even though the code requires runtime dependencies and external binaries: Python 'requests' is used but not declared/installed, and the sharing functionality depends on the 'cloudflared' binary being present. The skill will attempt to spawn subprocesses (cloudflared, python -m http.server) without providing installation guidance—this mismatch risks runtime failures or surprises and is disproportionate to the missing metadata.

ℹ

Credentials

The skill requires a MaybeAI bearer token and user-id to function; that is proportional to its purpose. The repository metadata does not declare any environment variables or a primary credential, but the SKILL.md and scripts explicitly require tokens to be provided as CLI args—this is acceptable but should be documented in the registry metadata. No other unrelated secrets are requested.

ℹ

Persistence & Privilege

The skill does not request always:true or modify agent/system configurations. However it launches a local HTTP server and a cloudflared tunnel that expose local files publicly; if invoked autonomously with credentials and loose file paths, it could inadvertently publish sensitive files. Autonomous invocation itself is normal, but combined with the sharing behavior this elevates operational risk.

What to consider before installing

This skill implements exactly what it claims, but review these points before installing or running it: - Dependencies: The code uses the Python 'requests' package and expects the 'cloudflared' binary; the registry metadata does not declare or install these. Install Python dependencies (pip install requests) and ensure cloudflared is installed and trusted. - Credentials: You must supply a MaybeAI bearer token and user-id. Only provide tokens you control and rotate/revoke them if exposed during testing. - Public sharing: The share feature starts a local HTTP server and opens a public trycloudflare tunnel—be careful about the path you share. Do not point it at directories containing secrets or other users' data. - Run in isolation: Test first in a disposable/isolated environment (throwaway token, temp directory) to verify behavior. - Audit the code: If you will supply real credentials or production files, review the scripts (upload flow, URL parsing, and tunnel handling) to ensure they meet your security requirements and consider adding explicit checks (allowed paths, confirmation prompts) before sharing. If you need this skill but want lower risk, ask the author to: (1) add an install spec for required Python packages and clearly declare 'cloudflared' as a required binary, (2) document exactly which inputs are used, and (3) add safeguards to the share step (confirmation, restrict serve dir, or opt-out of automatic sharing).

Like a lobster shell, security has layers — review code before you run it.

auditvk9736g7xfq4xfdp04x9ey0wx7n84kjese-commercevk9736g7xfq4xfdp04x9ey0wx7n84kjeshtmlvk9736g7xfq4xfdp04x9ey0wx7n84kjeslatestvk9736g7xfq4xfdp04x9ey0wx7n84kjesmaybeaivk9736g7xfq4xfdp04x9ey0wx7n84kjesuploadvk9736g7xfq4xfdp04x9ey0wx7n84kjes

70downloads

0stars

1versions

Updated 2w ago

v1.0.0

MIT-0

Maibei Upload Audit

Full end-to-end upload + analyze + audit + HTML report generation + share pipeline.

Quick start

python3 scripts/upload_audit.py \
  --token "<bearer-token>" \
  --user-id "<user-id>" \
  --mode full \
  --file "/path/to/image.jpg"

With automatic HTML report generation + trycloudflare sharing:

python3 scripts/upload_audit.py \
  --token "<bearer-token>" \
  --user-id "<user-id>" \
  --mode full \
  --file "/path/to/image.jpg" \
  --html \
  --share

Correct end-to-end order

Confirm inputs: bearer token, user-id, local files or inbound media
Upload each file with the MaybeAI tRPC upload API
Run copy-sheet workflow to create a working spreadsheet
Run analyze workflow to classify files, OCR text, and write rows into 审核文件信息
Run the audit stage (audit + font-audit in parallel)
Run the summary workflow after audit stage completes
Generate HTML report grouping results by media URL, sorted by risk
Share via trycloudflare to produce a public URL
Return the working sheet URL + public HTML report URL

Audit stage execution model

Treat the audit stage as one logical stage after analyze finishes.

Current known workflows inside that stage:

audit workflow artifact: 69c6582612aa26396bd2ace7
font-audit workflow artifact: 69ccb9d584cf626fe68ff7ea

Inside that stage, audit and font-audit run in parallel as internal workflows, then summary runs after both complete.

Current known workflow ids

For /e-commerce/upload-audit-file:

copy workflow artifact: 69ca226377efb8a1de743d34
analyze workflow artifact: 69c245bca5e657510a37a6a2
audit workflow artifact: 69c6582612aa26396bd2ace7
font-audit workflow artifact: 69ccb9d584cf626fe68ff7ea
summary workflow artifact: 69ca16d067a09db8deb145c2
source Excel URL: https://www.maybe.ai/docs/spreadsheets/d/69c2400ea25ba20198828d73?gid=0

Required auth context

Need all of:

bearer token
user-id
local files or inbound media, or already-uploaded file URLs

Script usage

upload_audit.py --mode <mode> [options]

Modes:
  upload    Upload files only
  copy      Copy source Excel only
  analyze   Run analyze step (requires --sheet-url or prior upload)
  audit     Run audit + font-audit
  summary   Run final summary
  full      Upload → copy → analyze → audit → summary (all in one)

Full-mode options:
  --file <path>            Local file to upload (repeatable)
  --html                   Generate HTML report after workflows complete
  --share                  Share HTML report via trycloudflare tunnel
  --html-only              Skip workflows, generate HTML from prior results
  --skip-analyze           Skip analyze step in full mode
  --skip-audit             Skip audit step in full mode
  --skip-font              Skip font-audit step in full mode
  --skip-summary           Skip final summary step

Other options:
  --token <token>          MaybeAI bearer token (required)
  --user-id <id>           MaybeAI user-id (required)
  --sheet-url <url>        Existing working sheet URL
  --source-excel-url <url> Source Excel URL (default: see above)
  --print-json             Output results as JSON

HTML report generation

When --html is passed (or --mode html), the script generates a self-contained HTML report at $WORKDIR/audit_report.html.

The report includes:

Top-level summary metrics (total / high / medium / low risk counts)
Overall audit result badge
Tabbed view by risk level (高风险 / 中风险 / 低风险)
Per-item cards ordered by risk (high → medium → low), each containing:
- Media preview thumbnail
- Media URL (clickable)
- Overall risk level badge
- 第三方审核 / 内部规则审核 / 行业规则审核 / 字体审核 sub-results
- 风险点 (risk hits)
- BLOCK reason in plain language
- 建议修改点 and concrete rewrite direction
Link back to the original working spreadsheet

The HTML is fully self-contained (no external JS/CSS dependencies) and responsive.

Sharing via trycloudflare

When --share is passed, after HTML generation the script:

Starts a local HTTP server serving the workspace directory
Starts a cloudflared tunnel to expose it publicly
Waits for the trycloudflare URL to become reachable
Verifies the URL returns HTTP 200
Returns the verified public URL

python3 scripts/share_url.py /path/to/file.html
# outputs: https://xxxx.trycloudflare.com/file.html

Upload step

Use the MaybeAI tRPC endpoint:

POST https://maibei.maybe.ai/api/trpc/imageGetUploadUrl

Request shape:

{ "key": "superapp/uploads/<timestamp>-<filename>" }

Response fields:

result.data.uploadUrl
result.data.url

Upload pattern:

Call imageGetUploadUrl with a unique key
PUT raw file bytes to uploadUrl
Use url as the uploaded public URI in later workflows

Analyze payload construction

Build variable:dataframe:product_images as rows:

[
  {
    "url": "https://statics.maybe.ai/.../file.webp",
    "file_type": "image",
    "file_name": "file.webp"
  }
]

Use file_type: "image" for png/jpg/jpeg/webp/gif.

Audit and summary payload

Send all three values:

[
  { "name": "variable:scalar:copy_excel_url", "default_value": "<sheet>" },
  { "name": "variable:scalar:excel_url", "default_value": "<sheet>" },
  { "name": "variable:dataframe:copy_excel_url_data", "default_value": [{ "copy_excel_url": "<sheet>" }] }
]

Font-audit payload

Send:

[
  { "name": "variable:scalar:copy_excel_url", "default_value": "<sheet>" }
]

Execution communication rules

Report progress at every step. Required progress messages:

📤 正在上传文件 1/5...
✅ 文件1 上传完成
📋 正在复制源Excel...
✅ 复制完成
🔍 正在分析文件...
✅ 分析完成
🔴 正在审核（内部规则 + 行业规则）...
✅ 审核完成
🔤 正在字体审核...
✅ 字体审核完成
📊 正在汇总...
✅ 汇总完成
🌐 正在生成HTML报告...
✅ 报告已生成
🔗 正在分享到公网...
✅ 报告已发布: https://xxx.trycloudflare.com/audit_report.html

Response format

After successful end-to-end run with --html --share, return:

Working sheet URL
Uploaded file URLs (if applicable)
Copy step result
Analyze step result
Audit step result
Summary workflow result
HTML report local path
Public share URL (trycloudflare)

Debugging

If upload fails:

Verify token and user-id
Inspect imageGetUploadUrl response shape
Verify the PUT upload returns 200

If workflow fails:

Verify the artifact id by calling workflow/detail/public
Verify Authorization: Bearer <token> and user-id on play-be.omnimcp.ai
Inspect streamed events, especially action_output, dataflow_output, and workflow_output

Resources

maibei-upload-audit/
├── SKILL.md
├── scripts/
│   ├── upload_audit.py   # Main CLI for full pipeline
│   └── share_url.py      # Trycloudflare sharing utility
└── references/
    ├── protocol-notes.md      # API request/response shapes
    └── live-run-notes.md      # Validated execution notes

Comments

Loading comments...