Shipcheck MCP

Name: Shipcheck MCP
Author: TateLyman

TateLyman/shipcheck-mcp

Run read-only Shipcheck launch-risk scans on authorized JavaScript, TypeScript, and MCP repos before you ship or announce.

Overview

Shipcheck MCP is an MCP server for the Ship phase that runs authorized read-only launch-risk scans on JavaScript, TypeScript, and MCP codebases.

What is this MCP server?

Read-only Shipcheck scans for JS, TS, and MCP projects
stdio npm package shipcheck-mcp for local agent wiring
Focused on launch-risk signals rather than generic lint noise
Requires authorization to the target repo per Shipcheck model
Package version 0.1.9
Transport: stdio via npm identifier shipcheck-mcp
Scopes: JS, TS, and MCP repos (read-only)

Compatible agents: Claude Code, Cursor, Codex, Windsurf

What problem does it solve?

You are about to ship a JS or TS product but lack time for a full security review and want agent-friendly launch-risk signal without risky repo mutations.

Who is it for?

Solo builders shipping npm-based apps, MCP servers, or TS SaaS who already use Shipcheck and want scans inside the agent loop.

Skip if: Unauthorized repos, non-JS/TS stacks, or teams needing write-side remediation bots instead of read-only assessment.

What do I get? / Deliverables

Your agent can trigger Shipcheck scans and surface launch-risk items you can fix or accept before release.

Launch-risk findings list suitable for pre-release checklists
Agent-readable scan output to paste into issues or ship docs
Repeatable pre-launch security pass on the same authorized repo

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

Launch-risk review belongs in the ship phase when the codebase is nearly ready and you want a structured security pass without mutating the repo. Security subphase captures pre-launch hardening and third-party scan workflows that complement tests and manual review.

How it compares

MCP hook to Shipcheck launch-risk scanning, not a general SAST marketplace or Claude skill for threat modeling.

Common Questions / FAQ

Who is Shipcheck MCP for?

Developers and indie founders with Shipcheck-authorized JS, TS, or MCP repos who want launch-risk results inside MCP-enabled agents.

When should I use Shipcheck MCP?

Use it in the ship phase after feature freeze when you are validating security and launch readiness before tagging a release or going public.

How do I add Shipcheck MCP to my agent?

Install the shipcheck-mcp npm package and add a stdio MCP server entry per your client docs, then complete Shipcheck authorization for each repo you scan.

Shipcheck MCP

TateLyman/shipcheck-mcp

Run read-only Shipcheck launch-risk scans on authorized JavaScript, TypeScript, and MCP repos before you ship or announce.

Overview

Shipcheck MCP is an MCP server for the Ship phase that runs authorized read-only launch-risk scans on JavaScript, TypeScript, and MCP codebases.

What is this MCP server?

Read-only Shipcheck scans for JS, TS, and MCP projects
stdio npm package shipcheck-mcp for local agent wiring
Focused on launch-risk signals rather than generic lint noise
Requires authorization to the target repo per Shipcheck model
Package version 0.1.9
Transport: stdio via npm identifier shipcheck-mcp
Scopes: JS, TS, and MCP repos (read-only)

Compatible agents: Claude Code, Cursor, Codex, Windsurf

What problem does it solve?

You are about to ship a JS or TS product but lack time for a full security review and want agent-friendly launch-risk signal without risky repo mutations.

Who is it for?

Solo builders shipping npm-based apps, MCP servers, or TS SaaS who already use Shipcheck and want scans inside the agent loop.

Skip if: Unauthorized repos, non-JS/TS stacks, or teams needing write-side remediation bots instead of read-only assessment.

What do I get? / Deliverables

Your agent can trigger Shipcheck scans and surface launch-risk items you can fix or accept before release.

Launch-risk findings list suitable for pre-release checklists
Agent-readable scan output to paste into issues or ship docs
Repeatable pre-launch security pass on the same authorized repo

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

How it compares

MCP hook to Shipcheck launch-risk scanning, not a general SAST marketplace or Claude skill for threat modeling.

Common Questions / FAQ

Who is Shipcheck MCP for?

Developers and indie founders with Shipcheck-authorized JS, TS, or MCP repos who want launch-risk results inside MCP-enabled agents.

When should I use Shipcheck MCP?

Use it in the ship phase after feature freeze when you are validating security and launch readiness before tagging a release or going public.

How do I add Shipcheck MCP to my agent?

Install the shipcheck-mcp npm package and add a stdio MCP server entry per your client docs, then complete Shipcheck authorization for each repo you scan.

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is Shipcheck MCP for?

When should I use Shipcheck MCP?

How do I add Shipcheck MCP to my agent?

This week for builders

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is Shipcheck MCP for?

When should I use Shipcheck MCP?

How do I add Shipcheck MCP to my agent?