step-security

step-security / dev-machine-guard

Public

Scan your dev machine for AI agents, MCP servers, IDE extensions, and suspicious packages — in seconds.

34
2
100% credibility
Found Mar 11, 2026 at 18 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
Shell
AI Summary

Dev Machine Guard is an open-source tool that scans macOS developer machines to inventory and flag potentially risky AI agents, IDE extensions, MCP servers, and Node.js packages.

How It Works

1
📰 Discover the guard

You hear about Dev Machine Guard, a quick checker that spots risky AI helpers, add-ons, and tools on your developer computer to keep your work safe.

2
📥 Grab the checker

You download the simple scanning tool directly to your Mac with an easy one-liner.

3
🔧 Ready to scan

You give the tool permission to run, and it's set up in seconds with no extra setup needed.

4
🔍 Run the safety scan

You launch the scan, and it swiftly reviews your installed coding apps, AI assistants, extensions, and packages for anything suspicious.

5
📊 Review your results

You see a clear, friendly report listing everything found, like AI tools and add-ons, with warnings for potential risks.

Stay secure

Now you know your developer setup is safe or exactly what to watch, giving you peace of mind while coding.

Sign up to see the full architecture

4 more

Sign Up Free

Star Growth

See how this repo grew from 18 to 34 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is dev-machine-guard?

Dev Machine Guard is a single Shell script that scans your macOS dev machine for AI agents, MCP servers, IDE extensions, and suspicious Node.js packages in seconds. It inventories tools like VS Code, Cursor, Claude, Ollama, and npm projects without accessing code, secrets, or files—outputting pretty terminal views, JSON, or HTML reports. Run it standalone via curl or deploy via MDM to spot security threats in the dev tooling layer that EDR misses.

Why is it gaining traction?

It fills a real gap: traditional scanners handle repos and deps, but ignore AI agents, extensions, and MCP configs—delivering quick device scans for malware-like risks from unvetted tools. Zero deps mean instant curl-and-run, with transparent bash code anyone can audit, plus opt-in npm scanning and JSON for pipelines. Enterprise upsells dashboards without hiding the core script.

Who should use this?

Security teams pushing compliance on dev fleets with Jamf or Intune. Mac devs scanning devices for security threats from rogue VS Code extensions or AI CLI tools like Aider. Org leads inventorying AI agents across machines before supply chain incidents hit.

Verdict

At 14 stars and 1.0% credibility, it's immature with macOS-only support and basic npm scans, but strong docs and CI make it low-risk to try. Grab the free script if dev machine blind spots worry you—solid start for targeted threat hunting.

(178 words)

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.