The MCP servers on your fleet
that nobody registered.

One command, free to run, finds them. It doesn't block or proxy anything — just tells you what's out there, and sends the report to your INS dashboard.

ins-detect

Terminal transcript: dollar ./ins-detect --dry-run. ins-detect would read the following paths, nothing was read: ~/.claude.json, ~/.cursor/mcp.json, ~/.gemini/settings.json, and 12 more, per client, nothing read yet. Dollar ./ins-detect --summary. INS-DETECT: 2 agents, 3 servers, 2 stdio and 1 http, 2 unenrolled, 2 with credentials, 1 user, machine ID resolved OK.

Get the binary

Every release ships with a signed checksums.txt. Verify before you put it in your RMM's file library:

curl -LO https://github.com/ins-security-official/ins-detect/releases/latest/download/checksums.txt
sha256sum -c checksums.txt --ignore-missing

Deploy across a fleet

Wrapper scripts for the RMM platforms MSPs actually run. Each writes results into that RMM's own custom-field mechanism, and can submit the full report to your INS account via an ingest token.

Platform Coverage
NinjaOne Verified — Windows, macOS, Linux Setup guide →
Datto RMM Verified — Windows only Setup guide →
ConnectWise Template — field-write call varies by tier Setup guide →
Falcon RTR Manual bulk-session runbook Setup guide →

Binary-only license — free to run against your own environment, source not included. Findings are handled per our Privacy Policy.