Which integrations are available for this server?

Checks for missing Firebase rule evidence to ensure security configuration. Scans for unsigned Stripe webhooks to identify launch risks. Checks for missing Supabase rule evidence to ensure security configuration.

How do I use shipcheck-mcp?

1. Click on "Install Server". 2. Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state. 3. In the chat, type @ followed by the MCP server name and your instructions, e.g., "@shipcheck-mcp scan the current directory for launch risks" That's it! The server will respond to your query, and you can continue using it as needed. Here is a step-by-step guide with screenshots.

de en es ja ko ru zh

shipcheck-mcp

by TateLyman

Overview Schema Related Servers Score Discussions

JavaScript

Local

shipcheck-mcp

npm version MCP Registry shipcheck-mcp MCP server

MCP server that lets local MCP clients run Shipcheck on authorized JavaScript and TypeScript repositories.

Shipcheck scans apps and MCP servers for launch risks such as exposed private-looking env vars, unsigned Stripe webhooks, missing Supabase/Firebase rule evidence, debug routes, missing usage-cost guardrails, missing CI, loose dependencies, thin release docs, missing MCP smoke-test proof, undocumented STDIO execution boundaries, and undocumented remote MCP auth boundaries.

Tool page: https://tateprograms.com/shipcheck.html

Free MCP launch self-check: https://tateprograms.com/mcp-self-check.html

MCP directory launch checklist: https://tateprograms.com/mcp-directory-checklist.html

Paid MCP launch check: https://tateprograms.com/mcp-launch-review.html

Official MCP Registry: https://registry.modelcontextprotocol.io/v0/servers?search=shipcheck

Install

Run directly with npx:

npx --yes shipcheck-mcp

MCP Config

Add this server to an MCP client that supports stdio servers:

{
  "mcpServers": {
    "shipcheck": {
      "command": "npx",
      "args": ["--yes", "--package", "shipcheck-mcp", "shipcheck-mcp"]
    }
  }
}

STDIO MCP client config launches a local command. Review the command, args, and any env values before running generated configs, keep the package source trusted, and prefer pinned package versions when a deployment needs repeatability.

Tool

scan_repository

{
  "root": ".",
  "format": "markdown",
  "failOn": "medium",
  "strict": true
}

Formats: text, markdown, json, or sarif.

Severities: info, low, medium, or high.

Shipcheck is defensive static analysis, not a penetration test. It reads local project files, does not modify the repository, does not execute project code, and does not require network access. Run it only on repos you own or are authorized to inspect.

Development

npm install
npm run check

Install Server

license - permissive license

quality

maintenance

How are these scores calculated?

Maintenance

–Maintainers

–Response time

0dRelease cycle

4Releases (12mo)

Resources

Need Help?

Related Servers

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Tools

scan_repositoryB

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/TateLyman/shipcheck-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server