AIPM

Security

Publish AI skills without leaking private files.

AIPM packages are public by default. Treat every package like open-source code. Review the files, remove sensitive details, and publish only what users should install.

Public means anyone can read it

Assume package metadata, manifests, instructions, prompts, and bundled files can be read by anyone. Do not publish internal-only context.

Short-lived tokens

Publish tokens are temporary on purpose. Generate one when you are ready to publish, then let it expire. Do not store it in project files.

Preview before push

Preview shows exactly what will be included. Review the file list and package size before publishing a new version.

Publisher safety checklist

  • Run aipm publish preview before publishing and check every included file.
  • Keep API keys, tokens, private keys, customer data, and internal documents out of packages.
  • Use .aipmignore to skip logs, screenshots, caches, exports, and private notes.
  • Publish only files needed to explain or install the skill.
  • Rotate any secret immediately if it was staged, even if publishing failed.
  • Use a new 5-minute publish token each time you publish.

Recommended .aipmignore starter

Use this as a starting point. Add any private folders from your project before running: aipm publish add .

# Secrets and credentials
.env
.env.*
*.pem
*key*

# Private or noisy project files
node_modules/
.git/
dist/
coverage/
*.log
screenshots/
exports/

# Internal-only context
private-notes/
customer-data/
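
A pre-publish check that pairs the starter patterns above with a content scan, as an added example that is not AIPM's own code. It assumes gitignore-like matching for .aipmignore (the page does not specify the rules); is_ignored, scan_package and SAMPLE are hypothetical names, and every sample value is constructed and fake.

```python
import fnmatch
import re

# Patterns copied from the starter .aipmignore on this page.
STARTER_IGNORE = [".env", ".env.*", "*.pem", "*key*", "node_modules/", ".git/",
                  "dist/", "coverage/", "*.log", "screenshots/", "exports/",
                  "private-notes/", "customer-data/"]

# Constructed content signatures for a few secret formats; not exhaustive.
SECRET_PATTERNS = {
    "private key block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "AWS access key id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "credential assignment": re.compile(
        r"(?i)\b(api[_-]?key|token|secret|password)\b\s*[:=]\s*['\"]?[\w/+-]{16,}"),
}

def is_ignored(path, patterns=STARTER_IGNORE):
    """ASSUMPTION: gitignore-like matching; AIPM's real rules may differ."""
    parts = path.split("/")
    for pat in patterns:
        if pat.endswith("/"):  # directory pattern, matched at any depth
            if any(fnmatch.fnmatchcase(p, pat[:-1]) for p in parts[:-1]):
                return True
        elif any(fnmatch.fnmatchcase(p, pat) for p in parts):
            return True
    return False

def scan_package(files):
    """files maps relative path -> text. Returns (included_paths, findings)."""
    included = sorted(p for p in files if not is_ignored(p))
    findings = []
    for path in included:
        for lineno, line in enumerate(files[path].splitlines(), 1):
            for label, rx in SECRET_PATTERNS.items():
                if rx.search(line):
                    findings.append((path, lineno, label))
    return included, findings

# Constructed sample project; every secret value below is fake.
SAMPLE = {
    "SKILL.md": "# Deploy helper\nCall the API with token = 'tok_EXAMPLEEXAMPLE0000000000'\n",
    "deploy_key.pem": "-----BEGIN PRIVATE KEY-----\nFAKE\n",
    "notes/setup.txt": "aws id AKIAEXAMPLEEXAMPLE00 used for staging\n",
    "private-notes/todo.md": "password: EXAMPLEEXAMPLEEXAMPLE\n",
}

if __name__ == "__main__":
    for path, lineno, label in scan_package(SAMPLE)[1]:
        print(f"FLAG {path}:{lineno}: {label}")
```

Filename patterns do not catch a token pasted into an instruction file or a note, so a content scan over the previewed file list complements .aipmignore.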

If private data is published

  1. Do not share exploit details in public package text.
  2. Write down the package name, version, file path, and why it is sensitive.
  3. Contact the package owner if you know them, then contact AIPM maintainers.
  4. If a secret is exposed, rotate it first. Removing the package does not make the secret safe.

What AIPM should add next

AIPM should add package takedowns, owner transfer, verified publisher badges, stronger scanning, private packages, and a security contact channel.