Shipcheck MCP
Run Shipcheck repo risk scans from MCP coding agents.
Ask AI about Shipcheck MCP
Powered by Claude · Grounded in docs
I know everything about Shipcheck MCP. Ask me about installation, configuration, usage, or troubleshooting.
0/500
Reviews
Documentation
shipcheck-mcp
MCP server that lets AI coding agents run Shipcheck on local JavaScript and TypeScript repositories.
Shipcheck scans AI-built apps for launch risks such as exposed private-looking env vars, unsigned Stripe webhooks, missing Supabase/Firebase rule evidence, debug routes, missing AI usage guardrails, missing CI, loose dependencies, and thin release docs.
Tool page: https://tatelyman.github.io/tate-web-services/shipcheck.html
Free MCP launch self-check: https://tatelyman.github.io/tate-web-services/mcp-self-check.html
Paid MCP launch check: https://tatelyman.github.io/tate-web-services/mcp-launch-review.html
Official MCP Registry: https://registry.modelcontextprotocol.io/v0/servers?search=shipcheck
Demo repo with GitHub code scanning alerts: https://github.com/TateLyman/shipcheck-demo-ai-app
Install
Run directly with npx:
npx --yes shipcheck-mcp
MCP Config
Add this server to an MCP client that supports stdio servers:
{
"mcpServers": {
"shipcheck": {
"command": "npx",
"args": ["--yes", "--package", "shipcheck-mcp", "shipcheck-mcp"]
}
}
}
Tool
scan_repository
{
"root": ".",
"format": "markdown",
"failOn": "medium",
"strict": true
}
Formats: text, markdown, json, or sarif.
Severities: info, low, medium, or high.
Shipcheck is defensive static analysis, not a penetration test. Run it only on repos you own or are authorized to inspect.
Development
npm install
npm run check