How do I install Devtools?

Devtools is a local plugin. Install it using npm package: @oscarmarin/mcp-devtools and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

What AI apps work with Devtools?

Devtools uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Devtools MCP Server

by Marin1321

Developer ToolsLow Risk10.0MCP RegistryLocal

Free

Server data from the Official MCP Registry

MCP server giving AI agents safe access to filesystem, databases, processes, and APIs.

About

MCP server giving AI agents safe access to filesystem, databases, processes, and APIs.

Security Report

10.0

Low Risk10.0Low Risk

Valid MCP server (1 strong, 1 medium validity signals). 1 code issue detected. No known CVEs in dependencies. Package registry verified. Imported from the Official MCP Registry. 1 finding(s) downgraded by scanner intelligence.

8 files analyzed · 2 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

file_system

Check that this permission is expected for this type of plugin.

database

Check that this permission is expected for this type of plugin.

env_vars

Check that this permission is expected for this type of plugin.

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-marin1321-mcp-devtools": {
      "args": [
        "-y",
        "@oscarmarin/mcp-devtools"
      ],
      "command": "npx"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

mcp-devtools

AI-native developer tools via Model Context Protocol. A production-grade MCP server that gives AI agents (Claude, Cursor, Copilot, Continue, ...) safe, scoped access to your local development environment.

Why

The MCP ecosystem is full of single-purpose tutorials and vendor-locked adapters. There is no well-maintained, multi-tool, framework-agnostic, production-quality MCP package for everyday developer tooling.

mcp-devtools fills that gap with 14 tools, 3 MCP Resources, 4 MCP Prompts, a Plugin API, two transport modes (stdio + HTTP with auth), and an audit log — built on patterns refined in production at DailyBot.

Quick start

stdio (default)

npx @oscarmarin/mcp-devtools

Add it to Claude Desktop (~/Library/Application Support/Claude/claude_desktop_config.json):

{
  "mcpServers": {
    "devtools": {
      "command": "npx",
      "args": ["-y", "@oscarmarin/mcp-devtools"]
    }
  }
}

Or Cursor (~/.cursor/mcp.json): same block.

HTTP transport

Create a mcp-devtools.json in your project root:

{
  "transport": "http",
  "port": 3333,
  "auth": {
    "token": "env:MCP_AUTH_TOKEN"
  }
}

Then start the server:

npx @oscarmarin/mcp-devtools

The MCP endpoint will be available at http://localhost:3333.

Tools

Group	Tools
Filesystem	`read_file`, `write_file`, `list_directory`, `search_files`, `get_file_info`
Database	`query_db`, `list_tables`, `describe_table`
Process	`run_command`, `read_logs`, `get_env`, `list_processes`
OpenAPI	`parse_openapi`, `call_api`

Per-tool reference: docs/tools/.

MCP Resources

The server exposes read-only data via MCP Resources:

URI	Description
`devtools://tools`	Catalog of all registered tools with schemas
`devtools://server-info`	Server version, transport, scope, tool count

MCP Prompts

Curated prompt templates for common development workflows:

Prompt	Description
`debug_error`	Systematically debug an error using mcp-devtools tools
`code_review`	Review a file for bugs, security issues, and code quality
`explore_codebase`	Explore and understand a project's structure and conventions
`refactor_function`	Refactor a function for readability, performance, or testability

Plugin API

Extend mcp-devtools with custom tools — no fork required.

Config-based (load at startup):

{
  "plugins": ["./my-tools.js", "@scope/mcp-plugin-foo"]
}

Each plugin module default-exports an array of tool definitions:

import { defineTool } from "@oscarmarin/mcp-devtools";
import { z } from "zod";

export default [
  defineTool({
    name: "my_tool",
    description: "Does something useful",
    inputSchema: z.object({ input: z.string() }),
    handler: async (args, config) => ({
      ok: true,
      data: { result: args.input.toUpperCase() },
    }),
  }),
];

Configuration

Configuration is loaded by cosmiconfig from mcp-devtools.json, .mcp-devtoolsrc, or the mcpDevtools key in package.json. See mcp-devtools.example.json and docs/configuration.md for the full schema.

Zero-config is supported: running npx @oscarmarin/mcp-devtools with no config uses schema defaults (RNF-05).

Security

Four non-bypassable controls:

Filesystem scope boundary. Every path is resolved to an absolute and compared against config.scope. Symlinks that escape scope throw SCOPE_VIOLATION.
Command allowlist. run_command only executes binaries whose basename is in allowedCommands. Invocation uses spawn(file, args) (no shell), so shell-injection via the command argument is structurally impossible.
Database read-only mode. When readOnly: true, all SQL is parsed and INSERT/UPDATE/DELETE/DROP/CREATE/GRANT are rejected. Queries run in BEGIN READ ONLY ... ROLLBACK on PostgreSQL.
HTTP Bearer auth. When auth.token is configured, every HTTP request must include Authorization: Bearer <token>. Comparison uses crypto.timingSafeEqual to prevent timing attacks.

Additional safety measures:

Audit log. Opt-in NDJSON log of every tool invocation with timing, sanitized inputs, and result status.
Secret masking. get_env automatically masks values matching common secret patterns (SECRET, TOKEN, PASSWORD, KEY, etc.).
OpenAPI host restriction. call_api only sends requests to hosts listed in the spec's servers array.
Output capping. All tools cap their output to prevent context flooding (100KB for commands, 1MB for files, 200 rows for queries).

Contributing

git clone https://github.com/marin1321/mcp-devtools.git
cd mcp-devtools
npm install
npm run dev       # tsup --watch
npm run test      # vitest
npm run typecheck # tsc --noEmit
npm run lint      # eslint .

See CONTRIBUTING.md for the full workflow and CODE_OF_CONDUCT.md for community guidelines.

License

MIT © Oscar Humberto Marin Molina — oscarmarindev.com

Reviews

No reviews yet

Be the first to review this server!

More Developer Tools MCP Servers

Fetch

Free

by Modelcontextprotocol · Developer Tools

Web content fetching and conversion for efficient LLM usage

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

mcp-creator-python

Free

by mcp-marketplace · Developer Tools

Create, build, and publish Python MCP servers to PyPI — conversationally.

Devtools MCP Server

About

Security Report

Findings (2)

Permissions Required

How to Install

Documentation

mcp-devtools

Why

Quick start

stdio (default)

HTTP transport

Tools

MCP Resources

MCP Prompts

Plugin API

Configuration

Security

Contributing

License

Reviews

No reviews yet

More Developer Tools MCP Servers

Fetch

Toleno

mcp-creator-python

MarkItDown

FinAgent

mcp-creator-typescript