Runs Shipcheck's defensive static analysis directly from your MCP client to scan JavaScript, TypeScript, and MCP repos for launch risks. It exposes a single scan_repository tool that looks for issues like exposed environment variables, unsigned webhooks, missing database rules, debug routes left in production, loose dependencies, and gaps in MCP server documentation. You point it at a local repo root and get back findings in text, markdown, JSON, or SARIF format. It's read-only file scanning with no code execution or network calls, so you can run it on projects you own or are authorized to inspect before shipping. Useful when you want pre-deployment hygiene checks baked into your AI workflow instead of running CLI commands manually.
claude mcp add --transport stdio tatelyman-shipcheck-mcp uvx shipcheck-mcp