CoworkGuard

Tracking since Apr 22, 2026.

Changelog

• May 27, 2026
  description

  CoworkGuard: macOS AI Agent Security Layer.
  
  Your AI agent firewall. Blocks sensitive data leaving your machine, intercepts MCP tool responses before they reach the model, and now detects Chrome's built-in AI (Prompt API) usage and suspicious extensions harvesting your AI conversations.
  
  This Chrome extension requires the free CoworkGuard macOS app to work. Download it first at coworkguard.com
  
  What it protects against:
  - PII: SSNs, credit cards, passport numbers, email addresses
  - API keys and credentials across all major AI providers
  - Private keys, JWTs, and authentication tokens
  - Database connection strings and internal infrastructure data
  - .env file values and secrets
  - Prompt injection in MCP tool responses
  - Tool metadata changes and rug-pull attacks
  - Hidden unicode and steganographic content in tool output
  - Chrome built-in AI (Gemini Nano) usage via the Prompt API
  - Extensions harvesting your AI conversations by overriding fetch()
  
  Seven layers of protection:
  - Payload scanner: intercepts and scans every outbound AI API request across 10 AI APIs
  - MCP Trust Gateway: scans tool responses before they reach the LLM, blocks injection and credential leaks
  - Skill scanner: watches Cowork, OpenClaw and MCP skill files for supply chain attacks before they execute
  - Clipboard monitor: warns when sensitive data is copied to clipboard
  - File write monitor: warns when sensitive data is written outside allowed folders
  - Domain guard: warns when you navigate to sensitive pages while an AI session is active
  - Prompt API detector: detects websites using Chrome's built-in AI and flags suspicious extensions intercepting your conversations
  
  Folder access control:
  - Declare which folders AI tools are permitted to read from. Content from all other folders is blocked at the API exit point.
  
  Requirements:
  macOS 12 (Monterey) or later
  Companion macOS app required (free): coworkguard.com
  
  Everything runs locally. No accounts, no cloud, no telemetry. Your data never leaves your machine.
  
  Download the macOS app: coworkguard.com

  CoworkGuard: Runtime Visibility for AI Tools on Your Mac
  
  AI tools read files, access credentials, download models, and make outbound requests, often silently. CoworkGuard shows you exactly what they're doing, and stops sensitive data before it leaves your machine.
  
  This extension requires the free CoworkGuard macOS app. Download it first at coworkguard.com
  
  WHAT'S NEW IN V1.0.7
  
  AI session detection: CoworkGuard now logs when you open AI web apps in your browser, so you have a complete picture of your AI activity across all tools..
  
  Model download alerts: detects when Large Language Models are downloaded silently to your Mac.
  
  Behavioural correlation: surfaces sequences like "AI tool accessed private data, then connected outward 4 seconds later".
  
  Live session panel: see which AI web apps are currently open in your browser at a glance.
  
  WHAT IT PROTECTS AGAINST
  
  Sensitive data leaving your machine:
  - SSNs, credit cards, passport numbers, email addresses
  - API keys and credentials across all major AI providers
  - Private keys, JWTs, and authentication tokens
  - Database connection strings and infrastructure secrets
  - .env file values and environment variables
  
  AI tool supply chain attacks:
  - Prompt injection in MCP tool responses
  - Hidden instructions and unicode steganography in tool output
  - Tool metadata changes and rug-pull attacks
  - Suspicious extensions harvesting your AI conversations by overriding fetch()
  
  Silent local AI activity:
  - Large Language Models downloaded without a permission prompt
  - Websites using locally installed AI models without your knowledge
  - AI web app sessions you may not have noticed are open
  
  
  SEVEN LAYERS OF PROTECTION
  
  1. Payload scanner — intercepts every outbound AI API request across 19 providers and blocks sensitive data before transmission
  
  2. MCP Trust Gateway — scans tool responses before they reach the model, blocks injection attacks and credential leaks
  
  3. Skill scanner — watches MCP skill files for supply chain attacks before they execute
  
  4. Clipboard monitor — alerts when sensitive data is copied to clipboard while an AI session is active
  
  5. File write monitor — warns when sensitive data is written outside your approved folders, with exact triggering line shown
  
  6. AI session tracker — logs when AI web apps are opened and closed, giving you a complete browser AI activity trail
  
  7. Local AI detector — detects when browsers use locally installed AI models and flags extensions intercepting your AI conversations
  
  BEHAVIOURAL CORRELATION
  
  CoworkGuard doesn't just log events — it connects them. When an AI tool accesses private data and then makes an outbound request within seconds, CoworkGuard surfaces the sequence in plain English.
  
  No packet inspection. No SIEM dashboards. Just: what happened, in order, explained.
  
  PRIVACY
  
  Everything runs locally on your Mac. No accounts. No cloud. No telemetry. Your data never leaves your machine. Raw payload content is never stored — only hashes and redacted previews.
  
  REQUIREMENTS
  
  - macOS 12 (Monterey) or later
  - CoworkGuard macOS app (free): coworkguard.com
  - Works with Chrome, Brave, and Edge
  
  Download the free macOS app: coworkguard.com

• May 27, 2026
  short_description

  Local firewall for AI agents- monitors outbound API requests. Blocks sensitive data before it leaves your machine.

  Runtime visibility for AI tools. Detects AI sessions, model downloads, and sensitive data — works with the CoworkGuard macOS app.

• May 27, 2026
  host_permissions

  https://api.anthropic.com/*, https://api.openai.com/*, https://generativelanguage.googleapis.com/*, https://api.mistral.ai/*, https://api.cohere.com/*, https://api.groq.com/*, https://api.x.ai/*, https://api.perplexity.ai/*, https://api.cursor.sh/*, https://copilot-proxy.githubusercontent.com/*

  https://api.anthropic.com/*, https://api.openai.com/*, https://generativelanguage.googleapis.com/*, https://api.mistral.ai/*, https://api.cohere.com/*, https://api.groq.com/*, https://api.x.ai/*, https://api.perplexity.ai/*, https://api.cursor.sh/*, https://copilot-proxy.githubusercontent.com/*, https://claude.ai/*, https://chat.openai.com/*, https://chatgpt.com/*, https://gemini.google.com/*, https://perplexity.ai/*, https://www.perplexity.ai/*, https://poe.com/*, https://mistral.ai/*, https://groq.com/*, https://copilot.microsoft.com/*, https://character.ai/*, https://coze.com/*, https://huggingface.co/*, https://you.com/*, https://phind.com/*, https://cursor.sh/*, https://github.com/*

• May 14, 2026
  description

  CoworkGuard: A macOS AI Agent Security Layer.
  
  Your AI agent firewall. Blocks sensitive data leaving your machine and intercepts MCP tool responses before they reach the model.
  
  This Chrome extension requires the free CoworkGuard macOS app to work. Download it first at coworkguard.com
  
  What it protects against:
  PII: SSNs, credit cards, passport numbers, email addresses
  API keys and credentials across all major AI providers
  Private keys, JWTs, and authentication tokens
  Database connection strings and internal infrastructure data
  .env file values and secrets
  Prompt injection in MCP tool responses
  Tool metadata changes and rug-pull attacks
  Hidden unicode and steganographic content in tool output
  
  Six layers of protection:
  Payload scanner: intercepts and scans every outbound AI API request across 10 AI APIs
  MCP Trust Gateway: scans tool responses before they reach the LLM, blocks injection and credential leaks
  Skill scanner: watches Cowork, OpenClaw and MCP skill files for supply chain attacks before they execute
  Clipboard monitor: warns when sensitive data is copied to clipboard
  File write monitor: warns when sensitive data is written outside allowed folders
  Domain guard: warns when you navigate to sensitive pages while an AI session is active
  Folder access control:
  Declare which folders AI tools are permitted to read from. Content from all other folders is blocked at the API exit point.
  
  Requirements:
  macOS 12 (Monterey) or later
  Companion macOS app required (free): coworkguard.com
  
  Everything runs locally. No accounts, no cloud, no telemetry. Your data never leaves your machine.
  
  Download the macOS app: coworkguard.com

  CoworkGuard: macOS AI Agent Security Layer.
  
  Your AI agent firewall. Blocks sensitive data leaving your machine, intercepts MCP tool responses before they reach the model, and now detects Chrome's built-in AI (Prompt API) usage and suspicious extensions harvesting your AI conversations.
  
  This Chrome extension requires the free CoworkGuard macOS app to work. Download it first at coworkguard.com
  
  What it protects against:
  - PII: SSNs, credit cards, passport numbers, email addresses
  - API keys and credentials across all major AI providers
  - Private keys, JWTs, and authentication tokens
  - Database connection strings and internal infrastructure data
  - .env file values and secrets
  - Prompt injection in MCP tool responses
  - Tool metadata changes and rug-pull attacks
  - Hidden unicode and steganographic content in tool output
  - Chrome built-in AI (Gemini Nano) usage via the Prompt API
  - Extensions harvesting your AI conversations by overriding fetch()
  
  Seven layers of protection:
  - Payload scanner: intercepts and scans every outbound AI API request across 10 AI APIs
  - MCP Trust Gateway: scans tool responses before they reach the LLM, blocks injection and credential leaks
  - Skill scanner: watches Cowork, OpenClaw and MCP skill files for supply chain attacks before they execute
  - Clipboard monitor: warns when sensitive data is copied to clipboard
  - File write monitor: warns when sensitive data is written outside allowed folders
  - Domain guard: warns when you navigate to sensitive pages while an AI session is active
  - Prompt API detector: detects websites using Chrome's built-in AI and flags suspicious extensions intercepting your conversations
  
  Folder access control:
  - Declare which folders AI tools are permitted to read from. Content from all other folders is blocked at the API exit point.
  
  Requirements:
  macOS 12 (Monterey) or later
  Companion macOS app required (free): coworkguard.com
  
  Everything runs locally. No accounts, no cloud, no telemetry. Your data never leaves your machine.
  
  Download the macOS app: coworkguard.com

• May 9, 2026
  description

  CoworkGuard  an AI Agent Firewall
  macOS only (Apple Silicon + Intel). Windows and Linux versions are not yet available.
  
  CoworkGuard is a privacy and security layer for AI agent tools. 
  It monitors outbound requests to major AI APIs, scans payloads for sensitive data, and blocks critical findings before they leave your machine.
  What it protects against:
  
  PII - SSNs, credit cards, passport numbers, email addresses.
  API keys and credentials across all major AI providers.
  Private keys, JWTs, and authentication tokens.
  Database connection strings and internal infrastructure data.
  .env file values and secrets.
  
  Four layers of protection:
  
  Payload scanner - intercepts and scans every outbound AI API request.
  Clipboard monitor - warns when sensitive data is copied to clipboard.
  File write monitor - warns when sensitive data is written outside allowed folders.
  Domain guard - warns when you navigate to sensitive pages while an AI session is active.
  
  Requirements:
  
  macOS 12 (Monterey) or later
  Python 3.11, 3.12, 3.13 or 3.14
  The companion macOS app (free download at the link below).
  
  Everything runs locally. No accounts, no cloud, no telemetry. Your data never leaves your machine.
  Download the macOS app: github.com/Katherine-Holland/ClaudeCoworkGuard/releases
  Open source: github.com/Katherine-Holland/ClaudeCoworkGuard

  CoworkGuard: A macOS AI Agent Security Layer.
  
  Your AI agent firewall. Blocks sensitive data leaving your machine and intercepts MCP tool responses before they reach the model.
  
  This Chrome extension requires the free CoworkGuard macOS app to work. Download it first at coworkguard.com
  
  What it protects against:
  PII: SSNs, credit cards, passport numbers, email addresses
  API keys and credentials across all major AI providers
  Private keys, JWTs, and authentication tokens
  Database connection strings and internal infrastructure data
  .env file values and secrets
  Prompt injection in MCP tool responses
  Tool metadata changes and rug-pull attacks
  Hidden unicode and steganographic content in tool output
  
  Six layers of protection:
  Payload scanner: intercepts and scans every outbound AI API request across 10 AI APIs
  MCP Trust Gateway: scans tool responses before they reach the LLM, blocks injection and credential leaks
  Skill scanner: watches Cowork, OpenClaw and MCP skill files for supply chain attacks before they execute
  Clipboard monitor: warns when sensitive data is copied to clipboard
  File write monitor: warns when sensitive data is written outside allowed folders
  Domain guard: warns when you navigate to sensitive pages while an AI session is active
  Folder access control:
  Declare which folders AI tools are permitted to read from. Content from all other folders is blocked at the API exit point.
  
  Requirements:
  macOS 12 (Monterey) or later
  Companion macOS app required (free): coworkguard.com
  
  Everything runs locally. No accounts, no cloud, no telemetry. Your data never leaves your machine.
  
  Download the macOS app: coworkguard.com

• May 4, 2026
  description

  CoworkGuard is a privacy and security layer for AI agent tools. 
  It monitors outbound requests to major AI APIs, scans payloads 
  for sensitive data, and blocks critical findings before they 
  leave your machine.
  
  What it protects against:
  - PII — SSNs, credit cards, passport numbers, email addresses
  - API keys and credentials across all major AI providers
  - Private keys, JWTs, and authentication tokens  
  - Database connection strings and internal infrastructure data
  - .env file values and secrets
  
  Two layers of protection:
  - Payload scanner — intercepts and scans every outbound request
  - Domain guard — warns when you navigate to sensitive pages 
    while an AI session is active
  
  Everything runs locally. No accounts, no cloud, no telemetry. 
  Your data never leaves your machine.
  
  Open source: github.com/Katherine-Holland/ClaudeCoworkGuard

  CoworkGuard  an AI Agent Firewall
  macOS only (Apple Silicon + Intel). Windows and Linux versions are not yet available.
  
  CoworkGuard is a privacy and security layer for AI agent tools. 
  It monitors outbound requests to major AI APIs, scans payloads for sensitive data, and blocks critical findings before they leave your machine.
  What it protects against:
  
  PII - SSNs, credit cards, passport numbers, email addresses.
  API keys and credentials across all major AI providers.
  Private keys, JWTs, and authentication tokens.
  Database connection strings and internal infrastructure data.
  .env file values and secrets.
  
  Four layers of protection:
  
  Payload scanner - intercepts and scans every outbound AI API request.
  Clipboard monitor - warns when sensitive data is copied to clipboard.
  File write monitor - warns when sensitive data is written outside allowed folders.
  Domain guard - warns when you navigate to sensitive pages while an AI session is active.
  
  Requirements:
  
  macOS 12 (Monterey) or later
  Python 3.11, 3.12, 3.13 or 3.14
  The companion macOS app (free download at the link below).
  
  Everything runs locally. No accounts, no cloud, no telemetry. Your data never leaves your machine.
  Download the macOS app: github.com/Katherine-Holland/ClaudeCoworkGuard/releases
  Open source: github.com/Katherine-Holland/ClaudeCoworkGuard

• May 4, 2026
  short_description

  Monitors and guards against sensitive data exposure when Claude Cowork is active.

  Local firewall for AI agents- monitors outbound API requests. Blocks sensitive data before it leaves your machine.

Permissions & access

Permissions

tabsactiveTabstoragewebRequestnotifications

Host access

https://api.anthropic.com/*, https://api.openai.com/*, https://generativelanguage.googleapis.com/*, https://api.mistral.ai/*, https://api.cohere.com/*, https://api.groq.com/*, https://api.x.ai/*, https://api.perplexity.ai/*, https://api.cursor.sh/*, https://copilot-proxy.githubusercontent.com/*, https://claude.ai/*, https://chat.openai.com/*, https://chatgpt.com/*, https://gemini.google.com/*, https://perplexity.ai/*, https://www.perplexity.ai/*, https://poe.com/*, https://mistral.ai/*, https://groq.com/*, https://copilot.microsoft.com/*, https://character.ai/*, https://coze.com/*, https://huggingface.co/*, https://you.com/*, https://phind.com/*, https://cursor.sh/*, https://github.com/*

Screenshots