Shipcheck

Pass. Audited by ClawScan on May 13, 2026.

Overview

Shipcheck appears to be a coherent pre-publish scanner, but it installs an external npm CLI and reads selected project files to look for leaks.

This looks safe to use for its intended purpose: checking a project before publishing. Before installing, remember that the actual scanner is an external npm package, and only scan folders you intend to publish or share, because the findings themselves may contain the sensitive values they report.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Finding 1 of 3

What this means

Installing the skill means trusting the npm package, and its publisher, that provides the shipcheck command.

Why it was flagged

The skill depends on an external npm CLI for its actual behavior. This is expected for the skill's purpose, but the package's own code was not among the artifacts reviewed here.

Skill content
node | package: @symbolstar/shipcheck | creates binaries: shipcheck
Recommendation

Install only if you trust the npm package and its publisher. Check that the published package matches its source repository before installing, and pin an exact version in controlled environments so a later release cannot change what runs.
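One way to carry out that recommendation, as an added example that is not part of the Shipcheck skill or of the ClawScan report: a shell script that fetches the published tarball without installing it, compares it against the integrity hash the registry publishes, looks for install-time lifecycle scripts in its package.json, and then installs one exact version with lifecycle scripts disabled. The package name comes from the finding; the version you pass, the scratch directory, and the install-with-scripts-disabled approach are this example's assumptions, and the npm commands need network access.

```bash
#!/usr/bin/env bash
# Added example: vet and pin the npm package behind the shipcheck command.
# Not part of the Shipcheck skill or of ClawScan. The package name comes from
# the finding; the version, scratch dir and checks are this example's own choices.
set -euo pipefail

PKG="@symbolstar/shipcheck"

# Exact semver only (1.2.3, 1.2.3-beta.1). Ranges, "^"/"~" prefixes and dist
# tags such as "latest" are not pins: what they resolve to changes over time.
is_pinned_version() {
  printf '%s\n' "$1" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+([-+][0-9A-Za-z.-]+)?$'
}

# Subresource Integrity string (sha512-<base64>) for a file; this is the format
# npm prints as dist.integrity and records in package-lock.json.
sri_sha512() {
  printf 'sha512-%s\n' "$(openssl dgst -sha512 -binary "$1" | openssl base64 -A)"
}

# Install-time lifecycle hooks run arbitrary code during `npm install`. A
# scanner has no need for them, so their presence is a reason to read the
# source first. Returns 0 when the given package.json declares none.
has_no_install_hooks() {
  ! grep -Eq '"(preinstall|install|postinstall)"[[:space:]]*:' "$1"
}

# Usage: vet_and_pin <exact-version> <workdir>
# Downloads the tarball (npm pack does not install), checks its integrity
# against the registry's published value, inspects package.json, then installs
# that exact version with lifecycle scripts disabled.
vet_and_pin() {
  local ver="$1" work="$2" tarball published actual
  is_pinned_version "$ver" || { echo "refusing non-exact version: $ver" >&2; return 1; }
  mkdir -p "$work" && cd "$work"

  npm view "$PKG@$ver" repository.url dist.tarball     # where the code claims to live
  published="$(npm view "$PKG@$ver" dist.integrity)"
  tarball="$(npm pack "$PKG@$ver" --loglevel=error)"   # prints the .tgz filename
  actual="$(sri_sha512 "$tarball")"
  [ "$published" = "$actual" ] || { echo "integrity mismatch for $tarball" >&2; return 1; }

  tar -xzf "$tarball" package/package.json
  has_no_install_hooks package/package.json \
    || echo "warning: install-time scripts declared, review them before installing" >&2
  grep -E -A3 '"bin"' package/package.json || true      # confirm it only creates 'shipcheck'

  npm init -y >/dev/null
  npm install --ignore-scripts --save-exact "$PKG@$ver"
  echo "run with: $work/node_modules/.bin/shipcheck --scan-mode=dir <project>"
}

if [ $# -ge 1 ]; then
  vet_and_pin "$1" "${2:-$PWD/shipcheck-vet}"
fi
```

Run it as `./vet-shipcheck.sh 1.2.3 ~/tmp/shipcheck-vet` with whatever exact version you have decided to trust. Checking dist.integrity against the tarball you actually received only proves the registry and your download agree; reading the unpacked source, or diffing it against the tagged commit in repository.url, is what establishes trust in the publisher.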

Finding 2 of 3

What this means

The command reads files under whatever package, skill folder, or repository path you pass to it.

Why it was flagged

The skill documents local CLI execution over a user-selected folder. This is purpose-aligned scanning, but users should avoid pointing it at unrelated private directories.

Skill content
shipcheck --scan-mode=dir ./path/to/skill-or-repo
Recommendation

Run it only on the project you intend to publish or share, and confirm that the path argument points at that project before running the command.

Finding 3 of 3

What this means

If live secrets are found, their values may be echoed in the scan output and from there into the terminal log or the agent's conversation context.

Why it was flagged

The scanner intentionally looks for sensitive strings in local project content. The reviewed artifacts show no exfiltration or persistence, but a finding can surface the secret value itself in the terminal or agent session.

Skill content
AWS/GitHub/OpenAI/Anthropic/Slack tokens, JWT, PEM/SSH keys
Recommendation

Run it only over the files you intend to publish, rotate any real secret it reports (a secret sitting in a publishable tree should be treated as already exposed), and redact scan output before sharing it or pasting it into a chat or ticket if it contains live credentials.
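The recommendations for the second and third findings (check the path before running, do not pass raw output around) can be enforced by a thin wrapper. The script below is an added example and is not part of the Shipcheck skill or of ClawScan: it refuses targets outside an allow-listed root, runs the documented `--scan-mode=dir` command, and masks credential values in the output while keeping enough of each token to tell which provider and file the finding concerns. It assumes shipcheck was installed locally under ./node_modules/.bin (override with SHIPCHECK_BIN), and the token patterns are this example's own, written for the provider list the skill names, not the scanner's detection logic.

```bash
#!/usr/bin/env bash
# Added example: wrapper around a locally installed shipcheck that
#  (1) refuses scan targets outside an allow-listed root, and
#  (2) redacts credential values from the output before it reaches a terminal
#      log or an agent session.
# Not part of the Shipcheck skill. SHIPCHECK_BIN and the token patterns are
# assumptions of this example.
set -euo pipefail

# Only scan beneath this root; pointing the scanner at $HOME or / would surface
# secrets from unrelated projects.
SCAN_ROOT="${SCAN_ROOT:-$PWD}"
SHIPCHECK_BIN="${SHIPCHECK_BIN:-./node_modules/.bin/shipcheck}"

# Prints the resolved directory when it is acceptable, otherwise returns 1.
# Resolving with pwd -P first means a symlink such as ./docs -> ~/.ssh cannot
# slip past the root check.
resolve_scan_target() {
  local target root
  target="$(cd "$1" 2>/dev/null && pwd -P)" || { echo "not a directory: $1" >&2; return 1; }
  root="$(cd "$SCAN_ROOT" && pwd -P)"
  case "$target" in
    /|"${HOME:-}") echo "refusing to scan $target" >&2; return 1 ;;
    "$root"|"$root"/*) printf '%s\n' "$target" ;;
    *) echo "refusing: $target is outside $root" >&2; return 1 ;;
  esac
}

# Masks well-known credential shapes but keeps the identifying prefix (and for
# JWTs the non-secret header segment) so the finding stays attributable.
# Multi-line PEM/SSH private key blocks are collapsed to one placeholder line.
redact_secrets() {
  sed -E \
    -e 's/(AKIA)[0-9A-Z]{16}/\1[REDACTED]/g' \
    -e 's/(gh[pousr]_)[A-Za-z0-9]{36}/\1[REDACTED]/g' \
    -e 's/(xox[baprs]-)[0-9A-Za-z-]+/\1[REDACTED]/g' \
    -e 's/(sk-)[A-Za-z0-9_-]{20,}/\1[REDACTED]/g' \
    -e 's/(eyJ[A-Za-z0-9_-]+\.)[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/\1[REDACTED]/g' \
  | awk '/-----BEGIN [A-Z ]*PRIVATE KEY-----/ { print; print "[REDACTED KEY MATERIAL]"; skip = 1; next }
         /-----END [A-Z ]*PRIVATE KEY-----/   { skip = 0 }
         !skip { print }'
}

# Usage: safe_shipcheck <dir>
# pipefail keeps the scanner's own exit status even though its output is piped.
safe_shipcheck() {
  local dir
  dir="$(resolve_scan_target "$1")"
  echo "scanning $dir" >&2
  "$SHIPCHECK_BIN" --scan-mode=dir "$dir" | redact_secrets
}

if [ $# -ge 1 ]; then
  safe_shipcheck "$1"
fi
```

Invoke it as `SCAN_ROOT=~/work ./safe-shipcheck.sh ~/work/my-skill`. The redaction is a last line of defence for output that gets copied around; the secret is still on disk and still needs to be removed from the publish set and rotated.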