Is Dev Machine Guard safe to use?

Dev Machine Guard has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under Apache-2.0.

How do I install Dev Machine Guard?

Dev Machine Guard can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with Dev Machine Guard?

Dev Machine Guard is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.

Is Dev Machine Guard actively maintained?

Dev Machine Guard is actively maintained — last commit was 3 days ago. It has 91 GitHub stars.

32DNo CVEsactiveApache-2.0

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/dev-machine-guard)](https://mcppedia.org/s/dev-machine-guard)

✓

Is it safe?

No package registry to scan.

No authentication — any process on your machine can connect.

Apache-2.0. View license →

✓

Is it maintained?

Last commit 3 days ago. 91 stars.

Will it work with my client?

Transport: stdio. Works with Claude Desktop, Cursor, Claude Code, and most MCP clients.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

MCPpedia Score

Click each category to see evidence

32D

Last scored 3h ago

How we score →

Security

6/30

No known vulnerabilities.

○

Known CVEs — No package registry to scan

○

Tool safety — No tools to analyze

○

Tool poisoning — No tools to analyze

○

Injection vectors — No tools to analyze

✓

Tool stability — Tool definitions stable

○

Dependency health — No package to analyze

✓

License — License: Apache-2.0

○

Authentication — No authentication required

○

CVEs checked daily via OSV.dev. Score algorithm is open source.

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

MCP Security Weekly

Get CVE alerts and security updates for Dev Machine Guard and similar servers.

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

StepSecurity Dev Machine Guard

Scan your dev machine for AI agents, MCP servers, IDE extensions, and suspicious packages — in seconds.

Why Dev Machine Guard?

Developer machines are the new attack surface. They hold high-value assets — GitHub tokens, cloud credentials, SSH keys — and routinely execute untrusted code through dependencies and AI-powered tools. Recent supply chain attacks have shown that malicious VS Code extensions can steal credentials, rogue MCP servers can access your codebase, and compromised npm packages can exfiltrate secrets.

EDR and traditional MDM solutions monitor device posture and compliance, but they have zero visibility into the developer tooling layer:

Capability	EDR / MDM	Dev Machine Guard
IDE extension audit		Yes
AI agent & tool inventory		Yes
MCP server config audit		Yes
Node.js package scanning		Yes
Device posture & compliance	Yes
Malware / virus detection	Yes

Dev Machine Guard is complementary to EDR/MDM — not a replacement. Deploy it alongside your existing tools via MDM (Jamf, Kandji, Intune) or run it standalone.

Quick Start

Install from release (recommended)

Download the latest binary for your platform from GitHub Releases:

# Apple Silicon (M1/M2/M3/M4)
curl -sSL https://github.com/step-security/dev-machine-guard/releases/latest/download/stepsecurity-dev-machine-guard_darwin_arm64 -o stepsecurity-dev-machine-guard
chmod +x stepsecurity-dev-machine-guard

# Intel Mac
curl -sSL https://github.com/step-security/dev-machine-guard/releases/latest/download/stepsecurity-dev-machine-guard_darwin_amd64 -o stepsecurity-dev-machine-guard
chmod +x stepsecurity-dev-machine-guard

# Run the scan
./stepsecurity-dev-machine-guard

Build from source

git clone https://github.com/step-security/dev-machine-guard.git
cd dev-machine-guard
make build
./stepsecurity-dev-machine-guard

Requires Go 1.24+. The binary has zero external dependencies.

Usage

stepsecurity-dev-machine-guard [COMMAND] [OPTIONS]

Commands

Command	Description

... View full README on GitHub

Dev Machine Guard

Quick Install

Should you use this server?

Test This Server

Score Breakdown

MCPpedia Score

Security

Help improve this page

Reviews

Frequently Asked Questions

Similar servers

XcodeBuildMCP

Sequential Thinking MCP Server

Arxiv Mcp Server

Apify Mcp Server

Discussion