About / Policy

ShipCheck

No AI API

What ShipCheck does

ShipCheck runs an external smoke check against a URL you submit: it fetches the landing page, same-origin script files referenced by static <script src> tags, a handful of well-known paths (such as /.env, /admin, /debug), and a few same-origin links. All requests are plain HTTP GET with the user agent ShipCheck and a contact URL. It never logs in, never submits forms, never bypasses any access control, and reads only small, capped amounts of data.

Intended use

ShipCheck is meant for checking your own app (or one you have permission to check) before you post it publicly. Do not use it to scan sites you do not control. Per-client and per-target rate limits are enforced.

What the result means

The report lists externally observable facts only. It is not a security assessment and not a guarantee. "Pass" means a specific surface looked fine from outside; "Cannot verify" means exactly that. Secret scanning covers only the landing HTML and same-origin scripts referenced by static tags, up to a size cap — dynamically imported chunks and cross-origin bundles are not scanned.
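The scope limit described above can be illustrated with a short added example; it is not ShipCheck's own code. It assumes "same-origin" means matching scheme, host and port, and uses a constructed page at example.com to show which script references a static-tag scan would reach and which it would never see.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample input (not taken from any real site).
PAGE_URL = "https://example.com/"
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="//example.com:443/static/legacy.js"></script>
<script src="https://cdn.example.net/vendor.js"></script>
<script>import('/static/chunk-settings.js');</script>
</head></html>"""


def origin(url):
    """Return (scheme, host, port), filling in the default port."""
    parts = urlsplit(url)
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    return (parts.scheme, (parts.hostname or "").lower(), port)


class ScriptCollector(HTMLParser):
    """Collects the src attribute of every static <script src> tag."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.srcs.append(src)


def classify_scripts(page_url, html):
    """Split static script references into same-origin and cross-origin."""
    collector = ScriptCollector()
    collector.feed(html)
    same, cross = [], []
    for src in collector.srcs:
        absolute = urljoin(page_url, src)
        (same if origin(absolute) == origin(page_url) else cross).append(absolute)
    return same, cross


if __name__ == "__main__":
    same, cross = classify_scripts(PAGE_URL, SAMPLE_HTML)
    print("in scope (same-origin, static tag):", same)
    print("out of scope (cross-origin):", cross)
    # The dynamically imported chunk appears in neither list.
```

A secret embedded in the cross-origin bundle or in the dynamically imported chunk would go unreported by a scan with this scope, which is why a "Pass" on secret scanning says nothing about those files.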

Data handling

Check results are generated per request and are not stored on the server. There is no database and no scan history. Standard operational access logs (client IP, time, endpoint) may be kept briefly for abuse prevention; checked URLs are not published.

Site owners: opt out

If ShipCheck requests are unwelcome on your site, block the ShipCheck user agent, or contact the operator via runsol.jp to have the hostname excluded.
