Dev Machine Guard

v1.0.0Securitystable

Scan your dev machine for AI agents, MCP servers, IDE extensions, and suspicious packages - in seconds.

dev-machine-guardmcpai-integration
Share:
134
Stars
0
Downloads
0
Weekly
0/5

What is Dev Machine Guard?

Dev Machine Guard is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to scan your dev machine for ai agents, mcp servers, ide extensions, and suspicious packages - in seconds.

Scan your dev machine for AI agents, MCP servers, IDE extensions, and suspicious packages - in seconds.

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • Scan your dev machine for AI agents, MCP servers, IDE extens

Use Cases

Scan development machines for suspicious packages and vulnerabilities.
Audit installed AI agents, MCP servers, and IDE extensions quickly.
step-security

Maintainer

LicenseApache-2.0
Languagego
Versionv1.0.0
UpdatedMay 22, 2026
Statushealthy
Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

Installation

Manual Installation

npx dev-machine-guard

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms
ThroughputMedium

Resource Usage

Memory UsageLow
CPU UsageLow

How to Set Up and Use Dev Machine Guard

Dev Machine Guard is a security scanning tool built by StepSecurity that audits your development machine for AI agents, MCP servers, IDE extensions, and suspicious packages within seconds. It detects tools like Claude Code, GitHub Copilot CLI, Aider, and Ollama, scans MCP server configurations across Claude Desktop, Cursor, Windsurf, and Zed, and inventories packages from npm, Homebrew, Python, and system package managers. Developers and security teams use it to gain full visibility into what AI tooling and third-party extensions are running on their machines before they become a supply chain risk.

Prerequisites

  • macOS, Linux, or Windows machine with internet access to download the binary
  • curl (macOS/Linux) or PowerShell (Windows) to download the binary
  • An MCP client such as Claude Desktop, Cursor, or Windsurf to invoke the server
  • Optional: enterprise credentials (Customer ID, API Key, API Endpoint) for advanced reporting
1

Download the binary for your platform

Download the pre-built binary from the latest GitHub release. Choose the binary that matches your OS and architecture.

# macOS Apple Silicon
curl -sSL https://github.com/step-security/dev-machine-guard/releases/latest/download/stepsecurity-dev-machine-guard_darwin_arm64 -o stepsecurity-dev-machine-guard
chmod +x stepsecurity-dev-machine-guard

# Linux x64
curl -sSL https://github.com/step-security/dev-machine-guard/releases/latest/download/stepsecurity-dev-machine-guard_linux_amd64 -o stepsecurity-dev-machine-guard
chmod +x stepsecurity-dev-machine-guard
2

Run interactively to verify the binary works

Run the binary directly to perform an initial scan. It will detect IDEs, AI tools, MCP servers, IDE extensions, and packages on your system.

./stepsecurity-dev-machine-guard
3

Configure scan settings (optional)

Run the configure subcommand to interactively set scan frequency, search directories, package scan toggles (npm, Homebrew, Python), output format, and log level. Configuration is saved to ~/.stepsecurity/config.json.

./stepsecurity-dev-machine-guard configure
4

Add the MCP server to your Claude Desktop config

Register Dev Machine Guard as an MCP server so AI assistants can invoke scans on demand. Because the binary is a Go executable (not an npm package), point the command directly at the downloaded binary path.

5

Use output flags for CI and reporting

Export scan results as JSON for programmatic consumption or as an HTML report for sharing with your security team.

# JSON output piped to jq
./stepsecurity-dev-machine-guard --json | jq '.ai_agents_and_tools'

# HTML report saved to file
./stepsecurity-dev-machine-guard --html report.html

# Verbose scan with npm package scanning enabled
./stepsecurity-dev-machine-guard --verbose --enable-npm-scan

Dev Machine Guard Examples

Client configuration

Add Dev Machine Guard to your Claude Desktop MCP configuration. Replace the path with the actual location of your downloaded binary.

{
  "mcpServers": {
    "dev-machine-guard": {
      "command": "/usr/local/bin/stepsecurity-dev-machine-guard",
      "args": []
    }
  }
}

Prompts to try

Once connected, ask your AI assistant to invoke a scan and interpret the results.

- "Scan my dev machine and list all AI agents and tools installed"
- "Which MCP servers are configured on my machine and what commands do they run?"
- "Show me all npm global packages that might be suspicious"
- "Generate an HTML security report of my developer machine"

Troubleshooting Dev Machine Guard

Permission denied when running the binary

Run chmod +x stepsecurity-dev-machine-guard after downloading. On macOS, you may also need to allow the binary in System Settings > Privacy & Security if Gatekeeper blocks it.

MCP server not showing up in Claude Desktop

Ensure the command path in claude_desktop_config.json is an absolute path to the binary (not a relative one), and restart Claude Desktop after saving the config.

npm or Python packages not appearing in scan results

Package scanning for npm, Homebrew, and Python is off or set to 'auto' by default. Run with --enable-npm-scan flag or set it via the configure command to explicitly enable it.

Frequently Asked Questions about Dev Machine Guard

What is Dev Machine Guard?

Dev Machine Guard is a Model Context Protocol (MCP) server that scan your dev machine for ai agents, mcp servers, ide extensions, and suspicious packages - in seconds. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install Dev Machine Guard?

Follow the installation instructions on the Dev Machine Guard GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with Dev Machine Guard?

Dev Machine Guard works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is Dev Machine Guard free to use?

Yes, Dev Machine Guard is open source and available under the Apache-2.0 license. You can use it freely in both personal and commercial projects.

Dev Machine Guard Alternatives — Similar Security Servers

Looking for alternatives to Dev Machine Guard? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

Browse More Security MCP Servers

Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{ "mcpServers": { "dev-machine-guard": { "command": "npx", "args": ["-y", "dev-machine-guard"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide →

Ready to use Dev Machine Guard?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides