Dev Machine Guard
Scan your dev machine for AI agents, MCP servers, IDE extensions, and suspicious packages - in seconds.
What is Dev Machine Guard?
Dev Machine Guard is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to scan your dev machine for ai agents, mcp servers, ide extensions, and suspicious packages - in seconds.
Scan your dev machine for AI agents, MCP servers, IDE extensions, and suspicious packages - in seconds.
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- Scan your dev machine for AI agents, MCP servers, IDE extens
Use Cases
Maintainer
Works with
Installation
Manual Installation
npx dev-machine-guardConfiguration
Configuration Details
claude_desktop_config.json
Performance
Response Metrics
Resource Usage
How to Set Up and Use Dev Machine Guard
Dev Machine Guard is a security scanning tool built by StepSecurity that audits your development machine for AI agents, MCP servers, IDE extensions, and suspicious packages within seconds. It detects tools like Claude Code, GitHub Copilot CLI, Aider, and Ollama, scans MCP server configurations across Claude Desktop, Cursor, Windsurf, and Zed, and inventories packages from npm, Homebrew, Python, and system package managers. Developers and security teams use it to gain full visibility into what AI tooling and third-party extensions are running on their machines before they become a supply chain risk.
Prerequisites
- macOS, Linux, or Windows machine with internet access to download the binary
- curl (macOS/Linux) or PowerShell (Windows) to download the binary
- An MCP client such as Claude Desktop, Cursor, or Windsurf to invoke the server
- Optional: enterprise credentials (Customer ID, API Key, API Endpoint) for advanced reporting
Download the binary for your platform
Download the pre-built binary from the latest GitHub release. Choose the binary that matches your OS and architecture.
# macOS Apple Silicon
curl -sSL https://github.com/step-security/dev-machine-guard/releases/latest/download/stepsecurity-dev-machine-guard_darwin_arm64 -o stepsecurity-dev-machine-guard
chmod +x stepsecurity-dev-machine-guard
# Linux x64
curl -sSL https://github.com/step-security/dev-machine-guard/releases/latest/download/stepsecurity-dev-machine-guard_linux_amd64 -o stepsecurity-dev-machine-guard
chmod +x stepsecurity-dev-machine-guardRun interactively to verify the binary works
Run the binary directly to perform an initial scan. It will detect IDEs, AI tools, MCP servers, IDE extensions, and packages on your system.
./stepsecurity-dev-machine-guardConfigure scan settings (optional)
Run the configure subcommand to interactively set scan frequency, search directories, package scan toggles (npm, Homebrew, Python), output format, and log level. Configuration is saved to ~/.stepsecurity/config.json.
./stepsecurity-dev-machine-guard configureAdd the MCP server to your Claude Desktop config
Register Dev Machine Guard as an MCP server so AI assistants can invoke scans on demand. Because the binary is a Go executable (not an npm package), point the command directly at the downloaded binary path.
Use output flags for CI and reporting
Export scan results as JSON for programmatic consumption or as an HTML report for sharing with your security team.
# JSON output piped to jq
./stepsecurity-dev-machine-guard --json | jq '.ai_agents_and_tools'
# HTML report saved to file
./stepsecurity-dev-machine-guard --html report.html
# Verbose scan with npm package scanning enabled
./stepsecurity-dev-machine-guard --verbose --enable-npm-scanDev Machine Guard Examples
Client configuration
Add Dev Machine Guard to your Claude Desktop MCP configuration. Replace the path with the actual location of your downloaded binary.
{
"mcpServers": {
"dev-machine-guard": {
"command": "/usr/local/bin/stepsecurity-dev-machine-guard",
"args": []
}
}
}Prompts to try
Once connected, ask your AI assistant to invoke a scan and interpret the results.
- "Scan my dev machine and list all AI agents and tools installed"
- "Which MCP servers are configured on my machine and what commands do they run?"
- "Show me all npm global packages that might be suspicious"
- "Generate an HTML security report of my developer machine"Troubleshooting Dev Machine Guard
Permission denied when running the binary
Run chmod +x stepsecurity-dev-machine-guard after downloading. On macOS, you may also need to allow the binary in System Settings > Privacy & Security if Gatekeeper blocks it.
MCP server not showing up in Claude Desktop
Ensure the command path in claude_desktop_config.json is an absolute path to the binary (not a relative one), and restart Claude Desktop after saving the config.
npm or Python packages not appearing in scan results
Package scanning for npm, Homebrew, and Python is off or set to 'auto' by default. Run with --enable-npm-scan flag or set it via the configure command to explicitly enable it.
Frequently Asked Questions about Dev Machine Guard
What is Dev Machine Guard?
Dev Machine Guard is a Model Context Protocol (MCP) server that scan your dev machine for ai agents, mcp servers, ide extensions, and suspicious packages - in seconds. It connects AI assistants to external tools and data sources through a standardized interface.
How do I install Dev Machine Guard?
Follow the installation instructions on the Dev Machine Guard GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with Dev Machine Guard?
Dev Machine Guard works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is Dev Machine Guard free to use?
Yes, Dev Machine Guard is open source and available under the Apache-2.0 license. You can use it freely in both personal and commercial projects.
Dev Machine Guard Alternatives — Similar Security Servers
Looking for alternatives to Dev Machine Guard? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6kAn open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0kAn Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9kHexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7kEnables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u
Browse More Security MCP Servers
Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.
Set Up Dev Machine Guard in Your Editor
Choose your AI client for step-by-step setup instructions.
Quick Config Preview
Add this to your claude_desktop_config.json or .cursor/mcp.json
Ready to use Dev Machine Guard?
Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.