
Alexandros Kapravelos
July 29, 2025
Claude Desktop now supports Desktop Extensions, allowing you to add local tools with a single click. Socket has released its Socket MCP as a Desktop Extension that brings dependency security scanning directly into your Claude conversations. This means that all your coding questions to Claude will produce code that has secure dependencies, with no more hallucinations or malicious packages.
Claude Desktop recently introduced a new way to extend Claude’s capabilities using Desktop Extensions. Instead of going through complicated steps to install MCP servers on your machine, you get the same functionality in Claude Desktop by clicking a button. These .dxt files are similar to browser extensions: download, install, and use. All processing happens locally on your machine.
Socket has released its MCP server as a Desktop Extension for Claude Desktop, integrating dependency security scanning directly into Claude with a click of a button.
Previously, adding MCP (Model Context Protocol) servers to Claude required installing Node.js or Python, running install commands, editing JSON configuration files, and restarting Claude. Now the process is much simpler: open the Desktop Extensions directory in Claude Desktop, click "Install" on the extension you want, and start using it immediately.
Socket MCP provides access to Socket.dev's security scanning capabilities within Claude. You can check package security without leaving your conversation.
Socket MCP analyzes packages from npm, PyPI, cargo, and other ecosystems across five dimensions. It examines supply chain security by checking the safety of package dependencies, evaluates code quality based on adherence to best practices, tracks maintenance status through update frequency and responsiveness, identifies known vulnerabilities including CVEs and security issues, and assesses license compliance for legal considerations. Each dimension receives a score from 0 to 100, providing a comprehensive security profile.
Basic package check:
Comparing packages:
Socket MCP is available in Claude Desktop's official Extensions directory:
Socket provides scores from 0 to 100 for each security dimension. While there are no official thresholds, scores between 90 and 100 indicate a strong security profile. Scores from 70 to 80 suggest minor concerns but are generally acceptable. When scores fall between 50 and 60, you should review the package carefully before using it. Anything below 50 warrants looking for alternatives. Your acceptable thresholds may vary based on project requirements.
Checking a new dependency:
Evaluating packages with issues:
Socket MCP helps you make security-aware choices throughout your development process. Start by setting thresholds that define minimum acceptable scores for your project. Focus on the dimensions that matter most to your specific needs—perhaps license compliance is critical for your enterprise, or maintenance status is key for long-term projects. Always compare multiple package options before making a choice, and when you must accept a lower-scoring package, document your reasoning for future reference.
Add rules to Claude (Settings > Profile > personal preferences) for automatic security checks:
# Security Checks
When I mention adding a dependency or generating code that has new dependencies:
1. Check their security score with Socket MCP
2. Alert me if any score is below 0.8
3. Suggest alternatives for low-scoring packages
When reviewing code:
- Scan imports and required packages
- Flag packages with vulnerability scores below 0.9
For teams using Claude Desktop with Socket MCP, establishing consistent practices improves overall security. Start by standardizing threshold scores that all team members agree to follow. Schedule regular audits to review all project dependencies. When accepting packages with lower scores, document the reasoning behind these decisions. Maintain a shared list of pre-approved packages to streamline decision-making.
A typical team policy might require that new dependencies score above 0.8 in all dimensions, have been updated within the past year, use approved licenses like MIT, Apache, or BSD, and undergo additional review if any score falls below 0.9.
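The team policy above, written as a small gate over package records. This is an added example, not Socket's code or API: the record layout, the dimension keys and the sample packages are assumptions. Because the article quotes scores both on a 0 to 100 scale and as fractions such as 0.8, the scale is an explicit parameter and a value outside it is refused rather than silently compared.

```python
from datetime import date, timedelta

# Thresholds from the team policy in the article; scores here are fractions 0..1.
MIN_SCORE = 0.8      # every dimension must score above this
REVIEW_SCORE = 0.9   # anything below this needs additional review
MAX_AGE = timedelta(days=365)
APPROVED = ("MIT", "Apache", "BSD")  # prefix match, e.g. "BSD-3-Clause"
# Assumed keys for the five dimensions the article lists.
DIMENSIONS = ("supply_chain", "quality", "maintenance", "vulnerability", "license")

def evaluate(pkg, today, scale=1.0):
    """Return (decision, reasons): 'reject', 'review' or 'accept'."""
    reject, review = [], []
    for dim in DIMENSIONS:
        raw = pkg["scores"].get(dim)
        if raw is None:
            reject.append(f"{dim}: score missing")  # fail closed
            continue
        if not 0 <= raw <= scale:
            raise ValueError(f"{dim}: {raw} is outside 0..{scale}, wrong scale?")
        score = raw / scale
        if score <= MIN_SCORE:
            reject.append(f"{dim}: {score:.2f} is not above {MIN_SCORE}")
        elif score < REVIEW_SCORE:
            review.append(f"{dim}: {score:.2f} is below {REVIEW_SCORE}")
    if today - pkg["last_update"] > MAX_AGE:
        reject.append("not updated within the past year")
    if not pkg["license"].startswith(APPROVED):
        reject.append(f"license {pkg['license']} is not on the approved list")
    if reject:
        return "reject", reject
    return ("review", review) if review else ("accept", [])

# Constructed sample records; names, dates and scores are made up.
TODAY = date(2025, 7, 29)
GOOD = {d: 0.95 for d in DIMENSIONS}
SAMPLES = [
    {"name": "pkg-a", "license": "MIT", "last_update": date(2025, 5, 1),
     "scores": GOOD},
    {"name": "pkg-b", "license": "Apache-2.0", "last_update": date(2025, 1, 10),
     "scores": {**GOOD, "maintenance": 0.85}},
    {"name": "pkg-c", "license": "GPL-3.0", "last_update": date(2023, 3, 2),
     "scores": {**GOOD, "vulnerability": 0.6}},
]

if __name__ == "__main__":
    for pkg in SAMPLES:
        decision, why = evaluate(pkg, TODAY)
        print(pkg["name"], decision, "; ".join(why))
```

A rejected package lists every failed rule, which gives you the text to record when the team decides to accept it anyway.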
Socket MCP demonstrates the potential of Desktop Extensions for Claude. With one click, you add dependency security scanning to your development workflow. No command line, no configuration files—just install and ask Claude to check your dependencies.
This accessibility matters. When security tools are easy to use, they get used. When every developer can check package security with a simple question, codebases become more secure.
Socket MCP is available now in Claude Desktop's Extensions directory. Install it, try checking a few packages, and see how it fits into your workflow.
Have questions or feedback? Open an issue on the Socket MCP repository or reach out to the Socket team.