Runs Shipcheck's defensive static analysis directly from your MCP client to scan JavaScript, TypeScript, and MCP repos for launch risks. It exposes a single scan_repository tool that looks for issues like exposed environment variables, unsigned webhooks, missing database rules, debug routes left in production, loose dependencies, and gaps in MCP server documentation. You point it at a local repo root and get back findings in text, markdown, JSON, or SARIF format. It's read-only file scanning with no code execution or network calls, so you can run it on projects you own or are authorized to inspect before shipping. Useful when you want pre-deployment hygiene checks baked into your AI workflow instead of running CLI commands manually.
MCP server that lets local MCP clients run Shipcheck on authorized JavaScript and TypeScript repositories.
Shipcheck scans apps and MCP servers for launch risks such as exposed private-looking env vars, unsigned Stripe webhooks, missing Supabase/Firebase rule evidence, debug routes, missing usage-cost guardrails, missing CI, loose dependencies, thin release docs, missing MCP smoke-test proof, undocumented STDIO execution boundaries, and undocumented remote MCP auth boundaries.
Tool page: https://tateprograms.com/shipcheck.html
Free MCP launch self-check: https://tateprograms.com/mcp-self-check.html
MCP directory launch checklist: https://tateprograms.com/mcp-directory-checklist.html
Paid MCP launch check: https://tateprograms.com/mcp-launch-review.html
Official MCP Registry: https://registry.modelcontextprotocol.io/v0/servers?search=shipcheck
Run directly with npx:
npx --yes shipcheck-mcp
Add this server to an MCP client that supports stdio servers:
{
  "mcpServers": {
    "shipcheck": {
      "command": "npx",
      "args": ["--yes", "--package", "shipcheck-mcp", "shipcheck-mcp"]
    }
  }
}
STDIO MCP client config launches a local command. Review the command, args, and any env values before running generated configs, keep the package source trusted, and prefer pinned package versions when a deployment needs repeatability.
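One way to carry out that review before a client launches anything, as an added example that is not part of Shipcheck or its documentation: a small Node.js script that lists what each stdio entry will execute and flags unpinned npx packages, the no-prompt install flag, and env names. The function names, the second config entry, its placeholder version, and its env value are assumptions made for illustration.

```javascript
// Constructed sample config: the first entry is the page's config, the second
// is a made-up variant with a placeholder version and a made-up env value.
const sampleConfig = {
  mcpServers: {
    shipcheck: { command: "npx", args: ["--yes", "--package", "shipcheck-mcp", "shipcheck-mcp"] },
    pinned: {
      command: "npx",
      args: ["--yes", "--package", "shipcheck-mcp@0.0.0-example", "shipcheck-mcp"],
      env: { EXAMPLE_TOKEN: "constructed-value" },
    },
  },
};

// True only for an exact version (name@1.2.3 or @scope/name@1.2.3);
// bare names, dist-tags such as @latest, and ranges such as @^1.2.3 are unpinned.
function isPinned(spec) {
  const at = spec.lastIndexOf("@");
  if (at <= 0) return false; // no "@", or only a scope's leading "@"
  return /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/.test(spec.slice(at + 1));
}

// Package specs npx would install: values of --package / -p, otherwise the
// first positional argument.
function npxPackageSpecs(args) {
  const specs = [];
  for (let i = 0; i < args.length; i++) {
    if (args[i] === "--package" || args[i] === "-p") specs.push(args[++i]);
    else if (args[i].startsWith("--package=")) specs.push(args[i].slice("--package=".length));
  }
  if (specs.length === 0) specs.push(args.find((a) => !a.startsWith("-")));
  return specs.filter((s) => typeof s === "string" && s.length > 0);
}

// Hypothetical reviewer: lists what each stdio entry will run and what to check.
function reviewConfig(config) {
  const findings = [];
  for (const [server, entry] of Object.entries(config.mcpServers || {})) {
    const args = Array.isArray(entry.args) ? entry.args.map(String) : [];
    findings.push({ server, check: "command", detail: [entry.command, ...args].join(" ") });
    if (entry.command === "npx") {
      for (const spec of npxPackageSpecs(args))
        if (!isPinned(spec)) findings.push({ server, check: "unpinned-package", detail: spec });
      if (args.includes("--yes") || args.includes("-y"))
        findings.push({ server, check: "auto-install", detail: "npx will not prompt before installing" });
    }
    // Report env names only, so the review output never echoes secret values.
    for (const key of Object.keys(entry.env || {})) findings.push({ server, check: "env", detail: key });
  }
  return findings;
}

for (const f of reviewConfig(sampleConfig)) console.log(`${f.server}\t${f.check}\t${f.detail}`);
```

The page's own config is reported as unpinned because its `--package` value carries no version; the constructed `pinned` entry passes that check but still shows its env name for review.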
The server exposes one tool, scan_repository. Example arguments:
{
  "root": ".",
  "format": "markdown",
  "failOn": "medium",
  "strict": true
}
Formats: text, markdown, json, or sarif.
Severities: info, low, medium, or high.
Shipcheck is defensive static analysis, not a penetration test. It reads local project files, does not modify the repository, does not execute project code, and does not require network access. Run it only on repos you own or are authorized to inspect.
npm install
npm run check