How should shipsec-studio be evaluated before use?

Use the required flow: snapshot, contract, and trust before recommending or executing this mcp.

What kind of evidence is visible on this page?

This page surfaces public facts, change history, trust indicators, artifact evidence, and benchmark summaries with provenance.

Crawler Summary

shipsec-studio answer-first brief

Workflow automation for Security Teams <div align="center"> <img src="docs/media/splash.png" alt="ShipSec AI" width="800"> </div> <p align="center"> <img src="https://img.shields.io/github/v/release/ShipSecAI/studio?color=blue&label=version" alt="Version"> <a href="https://github.com/ShipSecAI/studio/tree/main/LICENSE"><img src="https://img.shields.io/badge/license-Apache%202.0-green" alt="License"></a> <a href="https://discord.gg/fmMA4BtNXC"><img src="ht Published capability contract available. No trust telemetry is available yet. 164 GitHub stars reported by the source. Last updated 2/24/2026.

Freshness

Last checked 2/22/2026

Best For

Contract is available with explicit auth and schema references.

Not Ideal For

shipsec-studio is not ideal for teams that need stronger public trust telemetry, lower setup complexity, or more explicit contract coverage before production rollout.

Evidence Sources Checked

editorial-content, capability-contract, runtime-metrics, public facts pack

Card Facts Snapshot Contract Trust

Claim this agent

Agent DossierGitHubSafety: 100/100

shipsec-studio

MCPverified

Public facts

Change events

Artifacts

Freshness

Feb 22, 2026

Verifiededitorial-content1 verified compatibility signal164 GitHub stars

Published capability contract available. No trust telemetry is available yet. 164 GitHub stars reported by the source. Last updated 2/24/2026.

164 GitHub starsSchema refs publishedTrust evidence available

Trust score

Unknown

Compatibility

MCP

Freshness

Feb 22, 2026

Vendor

Shipsecai

Artifacts

Benchmarks

Last release

0.2.1

Executive Summary

Key links, install path, and a quick operational read before the deeper crawl record.

Verifiededitorial-content

Summary

Published capability contract available. No trust telemetry is available yet. 164 GitHub stars reported by the source. Last updated 2/24/2026.

View Source

Setup snapshot

git clone https://github.com/ShipSecAI/studio.git

1
Setup complexity is MEDIUM. Standard integration tests and API key provisioning are required before connecting this to production workloads.
2
Final validation: Expose the agent to a mock request payload inside a sandbox and trace the network egress before allowing access to real customer data.

Evidence Ledger

Everything public we have scraped or crawled about this agent, grouped by evidence type with provenance.

Verifiededitorial-content

Vendor (1)

Vendor

Shipsecai

profilemedium

Observed Feb 24, 2026Source link Provenance

Compatibility (2)

Protocol compatibility

MCP

contracthigh

Observed Feb 24, 2026Source link Provenance

Auth modes

mcp, api_key

contracthigh

Observed Feb 24, 2026Source link Provenance

Artifact (1)

Machine-readable schemas

OpenAPI or schema references published

contracthigh

Observed Feb 24, 2026Source link Provenance

Adoption (1)

Adoption signal

164 GitHub stars

profilemedium

Observed Feb 24, 2026Source link Provenance

Security (1)

Handshake status

UNKNOWN

trustmedium

Observed unknownSource link Provenance

Integration (1)

Crawlable docs

6 indexed pages on the official domain

search_documentmedium

Observed Apr 15, 2026Source link Provenance

Release & Crawl Timeline

Merged public release, docs, artifact, benchmark, pricing, and trust refresh events.

Self-declaredagent-index

Docs Update

Docs refreshed: Sign in to GitHub · GitHub

search_documentmedium

Fresh crawlable documentation was indexed for the official domain.

Observed Apr 15, 2026

Artifacts Archive

Extracted files, examples, snippets, parameters, dependencies, permissions, and artifact metadata.

Self-declaredGITHUB MCP

Extracted files

Examples

Snippets

Languages

typescript

Executable Examples

bash

curl -fsSL https://get.shipsec.ai | bash

bash

curl -fsSL https://get.shipsec.ai | bash

bash

# Clone and start the latest stable release
git clone https://github.com/ShipSecAI/studio.git
cd studio
just prod start-latest

bash

# Instance 0 (default)
just dev

# Switch active workspace instance
just instance use 1
just dev

# Manage per-instance env files
just instance-env init 1

Docs & README

Full documentation captured from public sources, including the complete README when available.

Self-declaredGITHUB MCP

Docs source

GITHUB MCP

Editorial quality

ready

Full README

ShipSec Studio

Open-Source Security Workflow Orchestration Platform.

ShipSec is currently in active development. We are optimizing the platform for stable production use and high-performance security operations.

ShipSec Studio provides a visual DSL and runtime for building, executing, and monitoring automated security workflows. It decouples security logic from infrastructure management, providing a durable and isolated environment for running security tooling at scale.

<div align="center"> <a href="https://youtu.be/7uyv43VforM"> <img src="https://img.youtube.com/vi/7uyv43VforM/maxresdefault.jpg" alt="ShipSec Studio Demo" width="600"> </a> <p><em>Watch the platform in action on YouTube.</em></p> </div>

🏗️ Core Pillars

Durable, resumable workflows powered by Temporal.io for stateful execution across failures.
Isolated security runtimes using ephemeral containers with per-run volume management.
Unified telemetry streams delivering terminal output, events, and logs via a low-latency SSE pipeline.
Visual no-code builder that compiles complex security graphs into an executable DSL.

🚀 Deployment Options

1. Shipsec Self-Host with Docker (Recommended)

The easiest way to run ShipSec Studio on your own infrastructure:

One-Line Install

curl -fsSL https://get.shipsec.ai | bash

This installer will:

Check and install missing dependencies (docker, just, curl, jq, git)
Start Docker if not running
Clone the repository and start all services
Guide you through any required setup steps

Once complete, visit http://localhost to access ShipSec Studio.

2. ShipSec Cloud (Preview)

The fastest way to test ShipSec Studio without managing infrastructure.

Try it out: studio.shipsec.ai
Note: ShipSec Studio is under active development. The cloud environment is a technical preview for evaluation and sandbox testing.

3. Self-Host (Docker)

For teams requiring data residency and air-gapped security orchestrations. This setup runs the full stack (Frontend, Backend, Worker, and Infrastructure).

Prerequisites:

docker - For running the application and security components
just - Command runner for simplified workflows
curl and jq - For fetching release information

# Clone and start the latest stable release
git clone https://github.com/ShipSecAI/studio.git
cd studio
just prod start-latest

Access the studio at http://localhost.

🛠️ Capabilities

Integrated Tooling

Native support for industry-standard security tools including:

Discovery: Subfinder, DNSX, Naabu, HTTPx
Vulnerability: Nuclei, TruffleHog
Utility: JSON Transform, Logic Scripts, HTTP Requests

Advanced Orchestration

Human-in-the-Loop: Pause workflows for approvals, form inputs, or manual validation before continuing.
AI-Driven Analysis: Leverage LLM nodes and MCP providers for intelligent results interpretation.
Native Scheduling: Integrated CRON support for recurring security posture and compliance monitoring.
API First: Trigger and monitor any workflow execution via a comprehensive REST API.

MCP Integration

MCP Library: Centralized MCP server management with multi-server selection and automatic tool registration
Built-in MCP Servers: AWS CloudTrail, CloudWatch, and Filesystem support out-of-the-box
Seamless Tool Discovery: AI Agents automatically discover and use MCP tools via standardized contracts

🏛️ Architecture Overview

ShipSec Studio is designed for enterprise-grade durability and horizontal scalability.

Management Plane (Backend): NestJS service handling DSL compilation, secret management (AES-256-GCM), and identity.
Orchestration Plane (Temporal): Manages workflow state, concurrency, and persistent wait states.
Execution Plane (Worker): Stateless agents that pull tasks from Temporal and execute tool-bound activities in isolated runtimes.
Monitoring (SSE/Loki): Real-time telemetry pipeline for deterministic execution visibility.

Learn more about our design decisions and system components in the Architecture Deep-dive.

🤝 Community & Support

💬 Discord — Real-time support and community discussion.
🗣️ GitHub Discussions — Technical RFCs and feature requests.
📚 Documentation — Full guides on component development and deployment.

🔀 Multi-Instance Development

Run multiple isolated dev instances on one machine for parallel feature work:

# Instance 0 (default)
just dev

# Switch active workspace instance
just instance use 1
just dev

# Manage per-instance env files
just instance-env init 1

Each instance gets its own frontend port, backend port, database, and Temporal namespace while sharing a single Docker infra stack. See Multi-Instance Development Guide for full details.

✍️ Contributing

We welcome contributions to the management plane, worker logic, or new security components. See CONTRIBUTING.md for architectural guidelines and setup instructions.

License

ShipSec Studio is licensed under the Apache License 2.0.

<div align="center"> <p>Engineered for security teams by the ShipSec AI team.</p> </div>

Contract & API

Machine endpoints, protocol fit, contract coverage, invocation examples, and guardrails for agent-to-agent use.

Verifiedcapability-contract

Endpoints

Dossier API Snapshot API Contract API Trust API

Contract coverage

Status

ready

Auth

mcp, api_key

Streaming

Yes

Data region

global

Protocol support

MCP: verified

Requires: mcp, lang:typescript, streaming

Forbidden: none

Guardrails

Operational confidence: medium

Contract is available with explicit auth and schema references.

Trust confidence is not low and verification freshness is acceptable.

Protocol support is explicitly confirmed in contract metadata.

Invocation examples

curl -s "https://xpersona.co/api/v1/agents/mcp-shipsecai-studio/snapshot"

curl -s "https://xpersona.co/api/v1/agents/mcp-shipsecai-studio/contract"

curl -s "https://xpersona.co/api/v1/agents/mcp-shipsecai-studio/trust"

Reliability & Benchmarks

Trust and runtime signals, benchmark suites, failure patterns, and practical risk constraints.

Missingruntime-metrics

Trust signals

Handshake

UNKNOWN

Confidence

unknown

Attempts 30d

unknown

Fallback rate

unknown

Runtime metrics

Observed P50

unknown

Observed P95

unknown

Rate limit

unknown

Estimated cost

unknown

No benchmark suites or observed failure patterns are available.

Media & Demo

Every public screenshot, visual asset, demo link, and owner-provided destination tied to this agent.

Missingno-media

No screenshots, media assets, or demo links are available.

Related Agents

Neighboring agents from the same protocol and source ecosystem for comparison and shortlist building.

Self-declaredprotocol-neighbors

GITLAB_AI_CATALOGgitlab-mcp

Rank

A Model Context Protocol (MCP) server for GitLab

Traction

No public download signal

Freshness

Updated 2d ago

MCP

GITLAB_PUBLIC_PROJECTSgitlab-mcp

Rank

A Model Context Protocol (MCP) server for GitLab

Traction

No public download signal

Freshness

Updated 2d ago

MCP

GITLAB_AI_CATALOGrmcp-openapi

Rank

Expose OpenAPI definition endpoints as MCP tools using the official Rust SDK for the Model Context Protocol (https://github.com/modelcontextprotocol/rust-sdk)

Traction

No public download signal

Freshness

Updated 2d ago

MCP

GITLAB_AI_CATALOGrmcp-actix-web

Rank

An actix_web backend for the official Rust SDK for the Model Context Protocol (https://github.com/modelcontextprotocol/rust-sdk)

Traction

No public download signal

Freshness

Updated 2d ago

MCP

Machine Appendix

Contract JSON

{
  "contractStatus": "ready",
  "authModes": [
    "mcp",
    "api_key"
  ],
  "requires": [
    "mcp",
    "lang:typescript",
    "streaming"
  ],
  "forbidden": [],
  "supportsMcp": true,
  "supportsA2a": false,
  "supportsStreaming": true,
  "inputSchemaRef": "https://github.com/ShipSecAI/studio#input",
  "outputSchemaRef": "https://github.com/ShipSecAI/studio#output",
  "dataRegion": "global",
  "contractUpdatedAt": "2026-02-24T19:46:34.543Z",
  "sourceUpdatedAt": "2026-02-24T19:46:34.543Z",
  "freshnessSeconds": 4428350
}

Invocation Guide

{
  "preferredApi": {
    "snapshotUrl": "https://xpersona.co/api/v1/agents/mcp-shipsecai-studio/snapshot",
    "contractUrl": "https://xpersona.co/api/v1/agents/mcp-shipsecai-studio/contract",
    "trustUrl": "https://xpersona.co/api/v1/agents/mcp-shipsecai-studio/trust"
  },
  "curlExamples": [
    "curl -s \"https://xpersona.co/api/v1/agents/mcp-shipsecai-studio/snapshot\"",
    "curl -s \"https://xpersona.co/api/v1/agents/mcp-shipsecai-studio/contract\"",
    "curl -s \"https://xpersona.co/api/v1/agents/mcp-shipsecai-studio/trust\""
  ],
  "jsonRequestTemplate": {
    "query": "summarize this repo",
    "constraints": {
      "maxLatencyMs": 2000,
      "protocolPreference": [
        "MCP"
      ]
    }
  },
  "jsonResponseTemplate": {
    "ok": true,
    "result": {
      "summary": "...",
      "confidence": 0.9
    },
    "meta": {
      "source": "GITHUB_MCP",
      "generatedAt": "2026-04-17T01:52:25.531Z"
    }
  },
  "retryPolicy": {
    "maxAttempts": 3,
    "backoffMs": [
      500,
      1500,
      3500
    ],
    "retryableConditions": [
      "HTTP_429",
      "HTTP_503",
      "NETWORK_TIMEOUT"
    ]
  }
}

Trust JSON

{
  "status": "unavailable",
  "handshakeStatus": "UNKNOWN",
  "verificationFreshnessHours": null,
  "reputationScore": null,
  "p95LatencyMs": null,
  "successRate30d": null,
  "fallbackRate": null,
  "attempts30d": null,
  "trustUpdatedAt": null,
  "trustConfidence": "unknown",
  "sourceUpdatedAt": null,
  "freshnessSeconds": null
}

Capability Matrix

{
  "rows": [
    {
      "key": "MCP",
      "type": "protocol",
      "support": "supported",
      "confidenceSource": "contract",
      "notes": "Confirmed by capability contract"
    }
  ],
  "flattenedTokens": "protocol:MCP|supported|contract"
}

Facts JSON

[
  {
    "factKey": "docs_crawl",
    "category": "integration",
    "label": "Crawlable docs",
    "value": "6 indexed pages on the official domain",
    "href": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceUrl": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceType": "search_document",
    "confidence": "medium",
    "observedAt": "2026-04-15T05:03:46.393Z",
    "isPublic": true
  },
  {
    "factKey": "protocols",
    "category": "compatibility",
    "label": "Protocol compatibility",
    "value": "MCP",
    "href": "https://xpersona.co/api/v1/agents/mcp-shipsecai-studio/contract",
    "sourceUrl": "https://xpersona.co/api/v1/agents/mcp-shipsecai-studio/contract",
    "sourceType": "contract",
    "confidence": "high",
    "observedAt": "2026-02-24T19:46:34.543Z",
    "isPublic": true
  },
  {
    "factKey": "auth_modes",
    "category": "compatibility",
    "label": "Auth modes",
    "value": "mcp, api_key",
    "href": "https://xpersona.co/api/v1/agents/mcp-shipsecai-studio/contract",
    "sourceUrl": "https://xpersona.co/api/v1/agents/mcp-shipsecai-studio/contract",
    "sourceType": "contract",
    "confidence": "high",
    "observedAt": "2026-02-24T19:46:34.543Z",
    "isPublic": true
  },
  {
    "factKey": "schema_refs",
    "category": "artifact",
    "label": "Machine-readable schemas",
    "value": "OpenAPI or schema references published",
    "href": "https://github.com/ShipSecAI/studio#input",
    "sourceUrl": "https://xpersona.co/api/v1/agents/mcp-shipsecai-studio/contract",
    "sourceType": "contract",
    "confidence": "high",
    "observedAt": "2026-02-24T19:46:34.543Z",
    "isPublic": true
  },
  {
    "factKey": "vendor",
    "category": "vendor",
    "label": "Vendor",
    "value": "Shipsecai",
    "href": "https://github.com/ShipSecAI/studio",
    "sourceUrl": "https://github.com/ShipSecAI/studio",
    "sourceType": "profile",
    "confidence": "medium",
    "observedAt": "2026-02-24T19:43:14.176Z",
    "isPublic": true
  },
  {
    "factKey": "traction",
    "category": "adoption",
    "label": "Adoption signal",
    "value": "164 GitHub stars",
    "href": "https://github.com/ShipSecAI/studio",
    "sourceUrl": "https://github.com/ShipSecAI/studio",
    "sourceType": "profile",
    "confidence": "medium",
    "observedAt": "2026-02-24T19:43:14.176Z",
    "isPublic": true
  },
  {
    "factKey": "handshake_status",
    "category": "security",
    "label": "Handshake status",
    "value": "UNKNOWN",
    "href": "https://xpersona.co/api/v1/agents/mcp-shipsecai-studio/trust",
    "sourceUrl": "https://xpersona.co/api/v1/agents/mcp-shipsecai-studio/trust",
    "sourceType": "trust",
    "confidence": "medium",
    "observedAt": null,
    "isPublic": true
  }
]

Change Events JSON

[
  {
    "eventType": "docs_update",
    "title": "Docs refreshed: Sign in to GitHub · GitHub",
    "description": "Fresh crawlable documentation was indexed for the official domain.",
    "href": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceUrl": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceType": "search_document",
    "confidence": "medium",
    "observedAt": "2026-04-15T05:03:46.393Z",
    "isPublic": true
  }
]