Stats
Actions
Tags
From lugui-ai
Pre-publication security gate for pages.lugui.ai — what must NEVER appear in a public page (secrets, client PII, internal endpoints) and the auth requirement (@lugui.ai only). Load this BEFORE running /lugui-ai:pages:publish.
How this skill is triggered — by the user, by Claude, or both
Slash command
/lugui-ai:security-checklistThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
A published page lives on the **public internet** at `pages.lugui.ai/<slug>`,
A published page lives on the public internet at pages.lugui.ai/<slug>,
served by CloudFront with no auth in front of it. Treat every byte as world-
readable forever. Review the HTML against this list before calling
/lugui-ai:pages:publish. If anything matches, STOP and fix it first.
AKIA + 16 chars.-----BEGIN ... PRIVATE KEY----- blocks.AIza + 35 chars.secret, token, password, api_key/api-key
set to a quoted value of 8+ chars (password = "hunter2longer")..env contents, basic-auth user:pass@host.*.internal, *.coolify.lugui.ai admin URLs,
RDS endpoints, SQS/SNS ARNs, DynamoDB table names).lgp_...) obtained
via self-service web login (/lugui-ai:setup → {pages_api}/login, sign in
with @lugui.ai) and saved to ~/.lugui/config.json; the backend returns
401/403 for a missing/invalid token or a token without permission. The
token is a secret — never paste it or the contents of ~/.lugui/config.json
into chat.pages.lugui.ai/<slug>. Do not use it for anything that should
be access-controlled./lugui-ai:pages:publish
plus the backend) re-scans for the secret patterns above. It is a backstop,
not a substitute for review.npx claudepluginhub lugui-co/lugui-ai-plugin --plugin lugui-aiCreates, edits, and optimizes skills for Claude Code, including drafting, evaluating with test prompts, iterating on performance, and improving skill descriptions for better triggering accuracy.