ShipSafe · Install

Tell your AI assistant to run this.

ShipSafe scans AI-generated code for the security bugs LLMs reproduce. The scanner runs locally. Your source never leaves your machine.

Claude Code
claude mcp add -s user shipsafe -- npx -y shipsafe-mcp

Paste into Claude Code. Restart it. Then ask: scan this repo.

On Cursor or Codex instead?

Cursor · ~/.cursor/mcp.json
{
  "mcpServers": {
    "shipsafe": {
      "command": "npx",
      "args": ["-y", "shipsafe-mcp"]
    }
  }
}
Codex · ~/.codex/config.toml
[mcp_servers.shipsafe]
command = "npx"
args = ["-y", "shipsafe-mcp"]

What it catches

  • Hardcoded secrets and API keys
  • SQL injection patterns
  • XSS via unescaped output
  • Broken authentication checks
  • IDOR / missing access control
  • File-upload MIME-type gaps
  • Missing rate limits on auth routes
  • Open-redirect candidates
  • Missing Content-Security-Policy
  • Stale env var documentation

Pricing

Scanner
Free
scan_repo, scan_url, list_lessons. No card. No account required for scanning.
AI fixes · suggest_fix
~$0.05/call
With your own Anthropic key (BYOK). Or ~$0.25/call hosted. Free account required.