Enables AI agents to run Shipcheck on local JavaScript/TypeScript repositories, scanning for launch risks like exposed env vars, unsigned webhooks, and missing security guardrails.
MCP server that lets AI coding agents run Shipcheck on local JavaScript and TypeScript repositories.
Shipcheck scans AI-built apps for launch risks such as exposed private-looking env vars, unsigned Stripe webhooks, missing Supabase/Firebase rule evidence, debug routes, missing AI usage guardrails, missing CI, loose dependencies, and thin release docs.
Tool page: https://tatelyman.github.io/tate-web-services/shipcheck.html
Free MCP launch self-check: https://tatelyman.github.io/tate-web-services/mcp-self-check.html
Paid MCP launch check: https://tatelyman.github.io/tate-web-services/mcp-launch-review.html
Official MCP Registry: https://registry.modelcontextprotocol.io/v0/servers?search=shipcheck
Demo repo with GitHub code scanning alerts: https://github.com/TateLyman/shipcheck-demo-ai-app
Run directly with npx:
npx --yes shipcheck-mcp
Add this server to an MCP client that supports stdio servers:
{
  "mcpServers": {
    "shipcheck": {
      "command": "npx",
      "args": ["--yes", "--package", "shipcheck-mcp", "shipcheck-mcp"]
    }
  }
}
scan_repository
{
  "root": ".",
  "format": "markdown",
  "failOn": "medium",
  "strict": true
}
Formats: text, markdown, json, or sarif.
Severities: info, low, medium, or high.
Shipcheck is defensive static analysis, not a penetration test. Run it only on repos you own or are authorized to inspect.
npm install
npm run check
Add this to claude_desktop_config.json and restart Claude Desktop.
{
  "mcpServers": {
    "shipcheck-mcp": {
      "command": "npx",
      "args": ["--yes", "--package", "shipcheck-mcp", "shipcheck-mcp"]
    }
  }
}