Ship Loop is a disclosed automation tool, but it can autonomously modify, commit, push, deploy, clean repository state, run configured commands, and persist sensitive run context with limited safety gates.
Install only for trusted repositories and non-production or well-controlled deployment targets. Review SHIPLOOP.yml like executable code, start with dry-run, use a disposable branch or worktree, avoid permission-bypass agent modes unless isolated, disable or constrain meta/optimization loops if you need review, and do not use notify-command or custom scripts where sensitive environment variables are present.