Now on Chrome Web Store

A local firewall for AI agents.

Many AI agent tools can operate with broad access to local files, browser sessions, and outbound requests depending on configuration. Most do not provide a local, developer-controlled payload scanner, MCP trust gateway, or outbound data-loss-prevention layer. CoworkGuard adds that missing local checkpoint.

Step 1: Download & Install (CoworkGuard_1.0.1_aarch64.dmg · macOS 12+ · Apple Silicon)
Step 2: Add Chrome Extension (Domain warnings · Popup status · Works with or without the app)

After downloading: open the .dmg → drag to Applications → open CoworkGuard → follow setup wizard

If macOS says "damaged": open Terminal and run xattr -cr /Applications/CoworkGuard.app

Free · Open source · No account required · All data stays on your machine

Why this matters

Recent security research has shown that hidden or injected instructions in documents, tool outputs, and other untrusted content can cause AI agents to include sensitive data in outbound API requests without obvious user awareness. Because those requests are sent to legitimate AI endpoints, they can look normal at the network layer. CoworkGuard adds a local inspection and blocking layer before that data leaves your machine.

10 AI APIs monitored · 76 detection patterns · 100% runs locally · 0 data sent externally
Coverage

One local proxy that scans and blocks sensitive data before it leaves your machine, covering many common AI workflows.

CoworkGuard monitors outbound requests across supported AI API endpoints used by popular coding and assistant tools.

OpenAI · api.openai.com · ChatGPT, GPT-4, Assistants API
Google · generativelanguage.googleapis.com · Gemini
Cursor · api.cursor.sh · Cursor IDE
GitHub · copilot-proxy.githubusercontent.com · GitHub Copilot
Mistral · api.mistral.ai · Mistral
Perplexity · api.perplexity.ai · Perplexity
Cohere · api.cohere.com · Cohere
Groq · api.groq.com · Groq
xAI · api.x.ai · Grok

A macOS security layer for AI agents.

Six layers of protection covering outbound data, inbound tool responses, clipboard, filesystem, and supply chain attacks.

Universal Payload Scanner
Outbound requests to supported AI API endpoints are scanned against configurable detection patterns for secrets, credentials, private keys, internal URLs, and common forms of PII before they leave your machine.
MCP Trust Gateway
Intercepts MCP tool responses before they reach the LLM context. Scans for prompt injection, hidden unicode, credential leaks, and tool metadata changes. New tools are quarantined pending review. Rug-pull attacks are blocked automatically.
Clipboard Monitor
Polls the clipboard every 2 seconds. If an API key, SSN, or credential is copied from anywhere on your machine, CoworkGuard fires a warning immediately before it can be pasted into a prompt or request.
File Write Monitor
Watches the filesystem for sensitive data written to unexpected locations outside your allowed folders. Catches AI tools that attempt to stage credentials or PII to disk before forwarding them.
Folder Access Control
Declare which folders AI tools are permitted to read from. Content originating outside those folders is blocked at the API exit point regardless of which tool accessed it.
Skill Scanner
Watch mode scans local agent skills, plugins, and MCP-connected tools for obfuscated code, suspicious network calls, filesystem access, and permission-escalation patterns before execution.
Domain Guard
When an AI agent is active, an in-page warning appears the moment you navigate to a sensitive domain — AWS Console, Gmail, GitHub, Stripe, Salesforce, and 15 others.
Unified Audit Log
A single timestamped, filterable record of all events across all layers — API blocks, MCP decisions, clipboard warnings, file write alerts, and skill scan findings.
No Cloud Dependency
Everything runs on localhost. No accounts, no telemetry, no analytics. Raw content is never stored — only SHA-256 hashes and redacted previews are written to disk.

76 patterns across every common vector.

From personal data to suspicious tool behavior, scanned at the network layer and during local skill review.

Critical — blocked by default
SSN · Credit Card · Private Key · AWS Key · Anthropic Key · GCP Service Account · Azure Connection String · Certificate · AWS Secret · MCP Credential
High — flagged, optionally blocked
OpenAI Key · Hugging Face · Groq · xAI · Replicate · Perplexity · JWT · Bearer Token · GitHub Token · GitLab Token · Stripe Key · Slack Token · SendGrid · npm Token · Firebase · DB Connection · OAuth Token · Mistral · Cohere · Twilio · Supabase · Datadog · Vercel / Netlify · .env values
Medium — flagged
Email address · Phone number · Date of birth · Passport number · IP address · Internal URL · VPN hostname
Skill supply chain — scanned before execution
eval() / exec() · Subprocess / shell · Base64 obfuscation · Hex obfuscation · External fetch / curl · SSH key access · AWS credentials · Keychain access · WhatsApp / Telegram exfil · Slack / Discord exfil · MCP full filesystem · MCP shell access · LaunchAgent persistence

A privacy tool that guards its own data too.

CoworkGuard was built on a straightforward principle: a privacy tool that collects data about you is not a privacy tool. Everything it does happens on localhost, and the design reflects that from the ground up.

No cloud dependency. The proxy, scanner, and dashboard all run on your own machine.
No raw content stored. Only SHA-256 hashes and redacted previews are written to disk.
No telemetry or analytics. Zero data leaves your device.
No account required. Install it and it works.
Open source. Every line is auditable on GitHub.
Request flow — supported AI API endpoints

AI Agent Tool
  → CoworkGuard scanner
      ├─ SSN detected → BLOCKED
      ├─ JWT found → FLAGGED
      └─ Clean → ALLOWED
  → Allowed requests only
  → AI API endpoint

Audit log → ~/.coworkguard/logs/ (tagged by provider · stored locally · never transmitted)
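The decision path above, written out as an added Python example that is not CoworkGuard's own code: a constructed subset of patterns in the page's three severity tiers, a scanner that blocks on any critical match and flags on high or medium, and an audit record that carries only a SHA-256 hash and a redacted preview rather than raw content. The pattern list, the Verdict class and the sample payloads are illustrative assumptions, not the product's real rule set.

```python
import hashlib
import re
from dataclasses import dataclass

# Severity tiers mirror the page's outbound categories:
# CRITICAL is blocked by default, HIGH and MEDIUM are flagged.
CRITICAL, HIGH, MEDIUM = "critical", "high", "medium"

# Constructed subset of detection patterns (illustrative, not CoworkGuard's own).
PATTERNS = [
    ("SSN", CRITICAL, re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("AWS Key", CRITICAL, re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("Private Key", CRITICAL, re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    ("JWT", HIGH, re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")),
    ("Bearer Token", HIGH, re.compile(r"\bBearer\s+[A-Za-z0-9._~+/=-]{20,}")),
    ("Email address", MEDIUM, re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")),
]

@dataclass
class Verdict:
    action: str      # BLOCKED, FLAGGED or ALLOWED
    findings: list   # names of the patterns that matched
    audit: dict      # the record that would be written to the local log

def scan_payload(body: str, provider: str) -> Verdict:
    """Scan one outbound request body and decide whether it may leave the machine."""
    findings, blocked, redacted = [], False, body
    for name, severity, rx in PATTERNS:
        if rx.search(body):
            findings.append(name)
            blocked = blocked or severity == CRITICAL
            redacted = rx.sub(f"[REDACTED:{name}]", redacted)
    action = "BLOCKED" if blocked else "FLAGGED" if findings else "ALLOWED"
    # The audit entry never stores raw content: only a SHA-256 of the body,
    # a short redacted preview, and the provider tag.
    audit = {"provider": provider, "action": action, "findings": findings,
             "sha256": hashlib.sha256(body.encode()).hexdigest(),
             "preview": redacted[:80]}
    return Verdict(action, findings, audit)

# Constructed sample prompts an agent might try to send; none of the values are real.
SAMPLE_REQUESTS = {
    "ssn": "Summarise this record: patient SSN 123-45-6789, visit notes attached.",
    "jwt": "Debug this auth header: eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0In0.abcDEFghiJKLmnoPQR",
    "clean": "Write a unit test for the parse_date function.",
}

def run_demo() -> dict:
    """Map each sample request to the action the scanner takes."""
    return {k: scan_payload(v, "api.openai.com").action for k, v in SAMPLE_REQUESTS.items()}

if __name__ == "__main__":
    for key, verdict in ((k, scan_payload(v, "api.openai.com")) for k, v in SAMPLE_REQUESTS.items()):
        print(key, verdict.action, verdict.audit["preview"])
```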

macOS AI Agent Security Layer. Your AI agent firewall.

Download the macOS app or install the Chrome extension. Free, open source, no account required.
