How do I install Shipcheck?

Shipcheck is a local plugin. Install it using npm package: shipcheck-mcp and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

What AI apps work with Shipcheck?

Shipcheck uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Shipcheck MCP Server

by TateLyman

Developer ToolsLow Risk10.0MCP RegistryLocal

Free

Server data from the Official MCP Registry

Read-only Shipcheck launch-risk scans for authorized JS, TS, and MCP repos.

About

Read-only Shipcheck launch-risk scans for authorized JS, TS, and MCP repos.

Security Report

10.0

Low Risk10.0Low Risk

Valid MCP server (2 strong, 3 medium validity signals). No known CVEs in dependencies. Package registry verified. Imported from the Official MCP Registry.

5 files analyzed · 1 issue found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

file_system

Check that this permission is expected for this type of plugin.

env_vars

Check that this permission is expected for this type of plugin.

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-tatelyman-shipcheck-mcp": {
      "args": [
        "-y",
        "shipcheck-mcp"
      ],
      "command": "npx"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

shipcheck-mcp

MCP server that lets local MCP clients run Shipcheck on authorized JavaScript and TypeScript repositories.

Shipcheck scans apps and MCP servers for launch risks such as exposed private-looking env vars, unsigned Stripe webhooks, missing Supabase/Firebase rule evidence, debug routes, missing usage-cost guardrails, missing CI, loose dependencies, and thin release docs.

Tool page: https://tateprograms.com/shipcheck.html

Free MCP launch self-check: https://tateprograms.com/mcp-self-check.html

MCP directory launch checklist: https://tateprograms.com/mcp-directory-checklist.html

Paid MCP launch check: https://tateprograms.com/mcp-launch-review.html

Official MCP Registry: https://registry.modelcontextprotocol.io/v0/servers?search=shipcheck

Install

Run directly with npx:

npx --yes shipcheck-mcp

MCP Config

Add this server to an MCP client that supports stdio servers:

{
  "mcpServers": {
    "shipcheck": {
      "command": "npx",
      "args": ["--yes", "--package", "shipcheck-mcp", "shipcheck-mcp"]
    }
  }
}

Tool

scan_repository

{
  "root": ".",
  "format": "markdown",
  "failOn": "medium",
  "strict": true
}

Formats: text, markdown, json, or sarif.

Severities: info, low, medium, or high.

Shipcheck is defensive static analysis, not a penetration test. It reads local project files, does not modify the repository, does not execute project code, and does not require network access. Run it only on repos you own or are authorized to inspect.

Development

npm install
npm run check

Reviews

No reviews yet

Be the first to review this server!

More Developer Tools MCP Servers

Git

Free

by Modelcontextprotocol · Developer Tools

Read, search, and manipulate Git repositories programmatically

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

mcp-creator-python

Free

by mcp-marketplace · Developer Tools

Create, build, and publish Python MCP servers to PyPI — conversationally.

Shipcheck MCP Server

About

Security Report

Findings (1)

Permissions Required

How to Install

Documentation

shipcheck-mcp

Install

MCP Config

Tool

Development

Reviews

No reviews yet

More Developer Tools MCP Servers

Git

Toleno

mcp-creator-python

MarkItDown

mcp-creator-typescript

Google Workspace MCP