io.github.TateLyman/shipcheck-mcp

MCPcommunity
v0.1.12io.github.TateLymanUnknownUpdated 1mo agonpmGitHub

Read-only Shipcheck launch-risk scans for authorized JS, TS, and MCP repos.

MCP server that lets local MCP clients run Shipcheck on authorized JavaScript and TypeScript repositories. Shipcheck scans apps and MCP servers for launch risks such as exposed private-looking env vars, unsigned Stripe webhooks, missing Supabase/Firebase rule evidence, debug routes, missing usage-cost guardrails, missing CI, loose dependencies, thin release docs, missing MCP smoke-test proof,…

Automatically indexed from public sources. Not yet verified by the developer on Forge.Claim this listing →
1mo agoLast update
Package
Authorio.github.TateLyman
LicenseUnknown
Version0.1.12
Sourcemcp-registry
Trust Status
A
95/100Trusted
Listed in Forge index+10/10
Publisher identity verified+0/25
Publisher: run `forge publish` from the package repo to claim ownership
Ed25519 publish signature+0/10
Included automatically when the publisher runs `forge publish`
Domain verification+0/5
Publisher: host /.well-known/forge.json on the package homepage with { "publisher": "<github-login>" }
CVE scan · clean+30/30
Static analysis · clean+20/20
npm provenance (Sigstore)+5/5
Paste into Claude Code, Cursor, or any AI assistant to fix all gaps
StatusCommunity-indexed
PublisherUnverified
SignatureUnsigned
Domain
Provenance✓ Sigstore-verified · beab6af
Dependencies60 resolved+ · none vulnerable
Tool surface1 tool · none privileged
Security scan✓ Cleanv0.1.12 · 20d ago
EvalsNone
IndexedJun 13, 2026

Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.

About

MCP server that lets local MCP clients run Shipcheck on authorized JavaScript and TypeScript repositories. Shipcheck scans apps and MCP servers for launch risks such as exposed private-looking env vars, unsigned Stripe webhooks, missing Supabase/Firebase rule evidence, debug routes, missing usage-cost guardrails, missing CI, loose dependencies, thin release docs, missing MCP smoke-test proof, undocumented STDIO execution boundaries, and undocumented remote MCP auth boundaries. Free MCP launch…

Keywords
mcp