Which integrations are available for this server?

Checks for missing Firebase rule evidence to ensure security configuration. Scans for unsigned Stripe webhooks to identify launch risks. Checks for missing Supabase rule evidence to ensure security configuration.

How do I use shipcheck-mcp?

1. Click on "Install Server". 2. Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state. 3. In the chat, type @ followed by the MCP server name and your instructions, e.g., "@shipcheck-mcp scan the current directory for launch risks" That's it! The server will respond to your query, and you can continue using it as needed. Here is a step-by-step guide with screenshots.

de en es ja ko ru zh

shipcheck-mcp

by TateLyman

Overview Schema Related Servers Score Discussions

JavaScript

Local

shipcheck-mcp

npm version MCP Registry Shipcheck Action

MCP server that lets AI coding agents run Shipcheck on local JavaScript and TypeScript repositories.

Shipcheck scans AI-built apps for launch risks such as exposed private-looking env vars, unsigned Stripe webhooks, missing Supabase/Firebase rule evidence, debug routes, missing AI usage guardrails, missing CI, loose dependencies, and thin release docs.

Tool page: https://tatelyman.github.io/tate-web-services/shipcheck.html

Official MCP Registry: https://registry.modelcontextprotocol.io/v0/servers?search=shipcheck

Demo repo with GitHub code scanning alerts: https://github.com/TateLyman/shipcheck-demo-ai-app

Install

Run directly with npx:

npx --yes shipcheck-mcp

MCP Config

Add this server to an MCP client that supports stdio servers:

{
  "mcpServers": {
    "shipcheck": {
      "command": "npx",
      "args": ["--yes", "--package", "shipcheck-mcp", "shipcheck-mcp"]
    }
  }
}

Tool

scan_repository

{
  "root": ".",
  "format": "markdown",
  "failOn": "medium",
  "strict": true
}

Formats: text, markdown, json, or sarif.

Severities: info, low, medium, or high.

Shipcheck is defensive static analysis, not a penetration test. Run it only on repos you own or are authorized to inspect.

Development

npm install
npm run check

Install Server

license - permissive license

quality

maintenance

How are these scores calculated?

Maintenance

–Maintainers

–Response time

0dRelease cycle

4Releases (12mo)

Resources

GitHub Repository

Need Help?

Related Servers

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Tools

scan_repositoryB

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/TateLyman/shipcheck-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server