
Built by Kaileskkhumar, founder of HouseofMVPs and Kailxlabs
1 dependency (htmlparser2) · 180 tests · Node.js ESM · MIT
# Claude Code plugin
claude plugin marketplace add Houseofmvps/ultraship
claude plugin install ultraship
# Or standalone via npx
npx ultraship ship .
npx ultraship seo .
npx ultraship security .
flowchart LR
U["You type a
slash command"] --> S["Skill
(markdown instructions)"]
S --> A["Agent
(dispatched worker)"]
S --> T["Tools
(Node.js scripts)"]
A --> T
T --> O["JSON Results"]
O --> R["Scorecard / Report /
Actionable Fixes"]
style U fill:#f59e0b,stroke:#d97706,color:#000
style S fill:#8b5cf6,stroke:#7c3aed,color:#fff
style A fill:#3b82f6,stroke:#2563eb,color:#fff
style T fill:#10b981,stroke:#059669,color:#000
style R fill:#ef4444,stroke:#dc2626,color:#fff
flowchart TD
subgraph Lifecycle["Full Lifecycle Coverage"]
direction LR
I["Idea
/brainstorm"] --> B["Build
/sprint"]
B --> AU["Audit
/ship /seo /secure"]
AU --> D["Ship
/deploy"]
D --> L["Launch
/launch /compete"]
L --> G["Grow
/grow /cost"]
G --> RE["Rescue
/rescue /canary"]
end
style I fill:#8b5cf6,stroke:#7c3aed,color:#fff
style B fill:#3b82f6,stroke:#2563eb,color:#fff
style AU fill:#f59e0b,stroke:#d97706,color:#000
style D fill:#10b981,stroke:#059669,color:#000
style L fill:#06b6d4,stroke:#0891b2,color:#000
style G fill:#84cc16,stroke:#65a30d,color:#000
style RE fill:#ef4444,stroke:#dc2626,color:#fff
/ship Does/ship runs 5 tools in parallel and outputs a scorecard:
flowchart LR
SHIP["/ship"] --> SEO["seo-scanner
63 rules"]
SHIP --> SEC["secret-scanner
+ npm audit"]
SHIP --> CODE["code-profiler
N+1, leaks, ReDoS"]
SHIP --> BUNDLE["bundle-tracker
JS/CSS/images"]
SHIP --> ENV["env-validator
+ migration-checker"]
SEO --> SC["Scorecard
READY TO SHIP"]
SEC --> SC
CODE --> SC
BUNDLE --> SC
ENV --> SC
style SHIP fill:#f59e0b,stroke:#d97706,color:#000
style SC fill:#10b981,stroke:#059669,color:#000
style SEO fill:#3b82f6,stroke:#2563eb,color:#fff
style SEC fill:#3b82f6,stroke:#2563eb,color:#fff
style CODE fill:#3b82f6,stroke:#2563eb,color:#fff
style BUNDLE fill:#3b82f6,stroke:#2563eb,color:#fff
style ENV fill:#3b82f6,stroke:#2563eb,color:#fff
+===========================================+
| U L T R A S H I P S C O R E |
+===========================================+
| SEO + AI Vis. 92/100 ############- |
| Security 95/100 ############- |
| Code Quality 88/100 ###########-- |
| Bundle Size 97/100 ############- |
+===========================================+
| OVERALL 90/100 |
| STATUS READY TO SHIP |
+===========================================+
Demo

Each tool is a standalone Node.js script (node tools/<name>.mjs). JSON output. Exit 0 always. No build step.
| Tool | What it checks |
|---|---|
seo-scanner |
63 rules: 39 SEO (meta tags, canonicals, headings, OG tags, structured data, sitemap, cross-page duplicate/orphan detection), 20 GEO (AI bot access in robots.txt, snippet restrictions, llms.txt, structured data for AI extraction), 4 AEO (FAQPage/HowTo/speakable schema) |
secret-scanner |
AWS keys, Stripe keys, JWT secrets, database URLs, private keys. Redacts values in output. |
code-profiler |
N+1 queries, sync I/O in handlers, unbounded queries, missing indexes, memory leaks, sequential awaits, ReDoS risk |
bundle-tracker |
JS/CSS/image sizes in build output. Detects heavy deps (moment→dayjs, lodash→native). History for before/after. Monorepo-aware. |
dep-doctor |
Unused dependencies via import graph analysis (not just grep). Dead wrapper files. Outdated packages. |
content-scorer |
Flesch-Kincaid readability, keyword density, thin content detection, GEO heading analysis |
lighthouse-runner |
Lighthouse via headless Chrome. Core Web Vitals, render-blocking resources, diagnostics. |
| Tool | What it checks |
|---|---|
health-check |
HTTP status, response time, SSL certificate (issuer, expiry), 6 security headers |
env-validator |
Compares .env.example against actual .env. Catches missing/empty/placeholder vars. |
migration-checker |
Pending DB migrations for Drizzle, Prisma, Knex |
og-validator |
Open Graph tags, image reachability, size validation |
redirect-checker |
Redirect chains, loops, mixed HTTP/HTTPS. Sitemap-based bulk check. |
api-smoke-test |
Hit API endpoints, check status codes, response times, CORS headers |
| Tool | What it creates |
|---|---|
sitemap-generator |
sitemap.xml from HTML files and routes |
robots-generator |
AI-friendly robots.txt (allows GPTBot, PerplexityBot, ClaudeBot) |
llms-txt-generator |
llms.txt for AI assistant discoverability |
structured-data-generator |
JSON-LD schema markup |
| Tool | What it does |
|---|---|
compete-analyzer |
Compares two URLs: tech stack, SEO score, security headers, response time. ASCII comparison card. |
launch-prep |
Reads project, generates PH/Twitter/LinkedIn/HN copy, 14-item checklist, press kit |
demo-prep |
Finds console.logs, TODOs, placeholder text, missing favicons. Scores demo readiness. |
| Tool | What it does |
|---|---|
incident-commander |
Health check + git culprit analysis + error patterns + rollback commands + post-mortem template |
growth-tracker |
Uptime, git velocity, SEO trajectory, dep health. Stores snapshots for week-over-week comparison. |
cost-tracker |
Log AI token usage per feature/model. Built-in pricing for Claude, GPT-4o, Gemini. Daily trends. |
pentest-scanner |
Automated penetration testing: XSS, SQLi, SSTI, command injection, path traversal, CORS, JWT, GraphQL introspection, prototype pollution, race conditions, request smuggling. Zero false positives, every finding has proof-of-concept. |
canary-monitor |
Post-deploy canary monitoring: HTTP status, response time, error patterns, baseline regression detection. Auto-saves baselines for future comparison. |
retro-analyzer |
Sprint retrospective: git velocity, commit patterns (features vs fixes), test health, hot files, shipping cadence. Generates insights and recommendations. |
learnings-manager |
Project learnings CRUD: save, search, list, prune, export. Structured knowledge that compounds across sessions. |
| Tool | What it does |
|---|---|
onboard-generator |
Auto-generates developer guide: stack, directory tree, routes, schema, env vars, Mermaid diagram |
architecture-mapper |
4 Mermaid diagrams: system overview, route tree, DB ER, data flow. Circular dependency + orphan detection. |
pattern-analyzer |
Analyzes testing, error handling, TypeScript usage, CI/CD, git practices. Cross-repo comparison. |
audit-history |
Saves/compares audit scores over time |
| Tool | What it does |
|---|---|
gsc-client |
Google Search Console: submit sitemaps, inspect URLs, query rankings (requires ULTRASHIP_GSC_CREDENTIALS) |
bing-webmaster |
Bing Webmaster: submit sitemaps/URLs, IndexNow instant push, keyword research, backlinks, site-scan, URL inspection (requires ULTRASHIP_BING_KEY). Powers ChatGPT Search + Microsoft Copilot. |
ga4-client |
Google Analytics 4: overview, top-pages, landing-pages, traffic-sources, conversions, user-journey, devices, realtime, ai-traffic (ChatGPT/Perplexity/Copilot tracking), organic (search-only). --organic flag. |
keyword-intelligence |
12-command keyword engine: analyze, quick-wins, cannibalization, content-gaps, intent-map, trending, high-intent, page-keywords, content-decay, difficulty, anomalies (CTR anomalies), cross-reference (GSC↔GA4). --brand flag for non-brand filtering. |
index-doctor |
Index diagnosis: inspect URLs via GSC URL Inspection API, diagnose 15+ coverage states, auto-fix and submit to Bing. |
Slash commands available inside Claude Code after installing the plugin:
| Command | Description |
|---|---|
/sprint |
Sprint workflow. Structured pipeline from plan → build → test → review → ship → verify |
/investigate |
Root cause investigation. Structured debugging with module freeze, no fixes without evidence |
/learn |
Project learnings. Save, search, prune, export knowledge that compounds across sessions |
/guard |
Safety guardrails. Blocks destructive commands, optionally restricts edits to a directory |
/retro |
Sprint retrospective. Git velocity, commit patterns, test health, shipping cadence |
/canary |
Post-deploy canary. Verify production health, detect regressions after deployment |
/pentest |
Penetration testing. Hack-test your app (web, API, browser, GitHub, local code) |
/ship |
Pre-deploy scorecard. Runs 5 tools, scores 4 categories |
/seo |
SEO audit (63 rules) + AI visibility checks (bot access, snippet restrictions, schema) |
/secure |
Secret scanning + OWASP patterns + npm audit |
/perf |
Lighthouse + bundle size |
/deploy |
Env check → migration check → build → deploy → health check |
/review |
Code review with confidence-scored findings |
/health |
Production health check |
/compete |
Compare your site vs a competitor |
/launch |
Generate launch copy + checklist + press kit |
/rescue |
Incident diagnostics + rollback commands |
/grow |
Growth metrics over time |
/cost |
AI build cost tracking |
/onboard |
Generate developer onboarding guide |
/architecture |
Generate Mermaid architecture diagrams |
/clone-patterns |
Analyze any repo's patterns, compare to yours |
/demo |
Find dev artifacts, score demo readiness |
/visual-diff |
Before/after screenshot comparison (via Playwright MCP) |
/content |
Readability + keyword density analysis |
/bundle |
Bundle size tracking |
/profile |
Static analysis for backend anti-patterns |
/deps |
Unused/outdated dependency detection |
/redirects |
Redirect chain/loop detection |
/release |
Changelog + version bump + GitHub release + npm publish |
/revise-claude-md |
Update CLAUDE.md with session learnings |
/brainstorm |
Structured ideation → spec document |
/write-plan |
Implementation plan from spec |
/execute-plan |
Execute plan step by step |
Skills are markdown instruction files that shape Claude's behavior during your session. They activate based on context. When you're debugging, Claude uses the debugging skill. When you're building UI, it uses the frontend design skill.
Workflow (19): brainstorming, planning, TDD, implementation, code review, debugging, refactoring, frontend design, API design, data modeling, git workflow, deploy pipeline, release, CLAUDE.md management, verification, browser testing, sprint pipeline, investigation, learnings management
Specialist (8): SEO + AI visibility audit, security audit, penetration testing, performance audit, content quality, code profiling, parallel agent dispatching, safety guardrails
Growth & Intelligence (12): competitive analysis, launch prep, incident response, growth tracking, cost tracking, onboarding, architecture mapping, pattern
$ claude mcp add ultraship \
-- python -m otcore.mcp_server <graph>