Shipcheck MCP is a defensive local scanner wrapper. Run it only on repositories you own or are authorized to inspect.
Do not paste private keys, customer data, or proprietary source snippets into public issues.
Report package or MCP-server security concerns privately by email:
For a manual review of an app or repo you own, use: