Shipcheck

The shipcheck skill is a pre-publish security utility designed to scan npm packages and repositories for sensitive information (PII, API keys, internal IPs) before publication. It functions as a wrapper for the `@symbolstar/shipcheck` CLI tool and provides clear instructions for the AI agent to trigger scans during sensitive operations like `npm publish` or `git push`. No evidence of malicious intent, data exfiltration, or harmful prompt injection was found in the skill definition or instructions.