ๆƒฏๆ€ง่šๅˆ ้ซ˜ๆ•ˆ่ฟฝ่ธชๅ’Œ้˜…่ฏปไฝ ๆ„Ÿๅ…ด่ถฃ็š„ๅšๅฎขใ€ๆ–ฐ้—ปใ€็ง‘ๆŠ€่ต„่ฎฏ
้˜…่ฏปๅŽŸๆ–‡ ๅœจๆƒฏๆ€ง่šๅˆไธญๆ‰“ๅผ€

ๆŽจ่่ฎข้˜…ๆบ

S
Securelist
C
Cybersecurity and Infrastructure Security Agency CISA
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
S
Security Affairs
Hacker News: Ask HN
Hacker News: Ask HN
L
Lohrmann on Cybersecurity
PCI Perspectives
PCI Perspectives
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
C
Cyber Attacks, Cyber Crime and Cyber Security
Recent Commits to openclaw:main
Recent Commits to openclaw:main
OSCHINA ็คพๅŒบๆœ€ๆ–ฐๆ–ฐ้—ป
OSCHINA ็คพๅŒบๆœ€ๆ–ฐๆ–ฐ้—ป
MyScale Blog
MyScale Blog
ๆœˆๅ…‰ๅšๅฎข
ๆœˆๅ…‰ๅšๅฎข
W
WeLiveSecurity
T
Threat Research - Cisco Blogs
Martin Fowler
Martin Fowler
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Recorded Future
Recorded Future
The GitHub Blog
The GitHub Blog
Webroot Blog
Webroot Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
TaoSecurity Blog
TaoSecurity Blog
P
Proofpoint News Feed
Google DeepMind News
Google DeepMind News
F
Full Disclosure
U
Unit 42
Jina AI
Jina AI
ๅš
ๅšๅฎขๅ›ญ - ๅธๅพ’ๆญฃ็พŽ
้˜ฎไธ€ๅณฐ็š„็ฝ‘็ปœๆ—ฅๅฟ—
้˜ฎไธ€ๅณฐ็š„็ฝ‘็ปœๆ—ฅๅฟ—
L
LINUX DO - ๆœ€ๆ–ฐ่ฏ้ข˜
ๅฎ็މ็š„ๅˆ†ไบซ
ๅฎ็މ็š„ๅˆ†ไบซ
ๅคง็Œซ็š„ๆ— ้™ๆธธๆˆ
ๅคง็Œซ็š„ๆ— ้™ๆธธๆˆ
The Hacker News
The Hacker News
The Last Watchdog
The Last Watchdog
T
Troy Hunt's Blog
่…พ
่…พ่ฎฏCDC
T
Threatpost
H
Hacker News: Front Page
P
Palo Alto Networks Blog
ๅš
ๅšๅฎขๅ›ญ - ่‚ๅพฎไธœ
Last Week in AI
Last Week in AI
ๆœ‰่ตžๆŠ€ๆœฏๅ›ข้˜Ÿ
ๆœ‰่ตžๆŠ€ๆœฏๅ›ข้˜Ÿ
Help Net Security
Help Net Security
L
LINUX DO - ็ƒญ้—จ่ฏ้ข˜
N
News and Events Feed by Topic
ไบบไบบ้ƒฝๆ˜ฏไบงๅ“็ป็†
ไบบไบบ้ƒฝๆ˜ฏไบงๅ“็ป็†
่ฎฉๅฐไบงๅ“็š„็‹ฌ็ซ‹ๅ˜็Žฐๆ›ด็ฎ€ๅ• - ezindie.com
่ฎฉๅฐไบงๅ“็š„็‹ฌ็ซ‹ๅ˜็Žฐๆ›ด็ฎ€ๅ• - ezindie.com
ๅฅ‡ๅฎขSolidotโ€“ไผ ้€’ๆœ€ๆ–ฐ็ง‘ๆŠ€ๆƒ…ๆŠฅ
ๅฅ‡ๅฎขSolidotโ€“ไผ ้€’ๆœ€ๆ–ฐ็ง‘ๆŠ€ๆƒ…ๆŠฅ
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Spread Privacy
Spread Privacy

Hacker News - Newest: "AI"

AI can't read an investor deck AI as an attorney? Student uses ChatGPT, Gemini to sue UW over alleged racial discrimination Hacking MCP Servers in AI Systems โ€“ The Rug Pull: Tool Changes After Approval GitHub - MeepCastana/KubeezCut: Free Web based video editor GitHub - GenAI-Gurus/awesome-eu-ai-act: Curated tools, official sources, OSS, templates, and guides for EU AI Act compliance. Can AI judge journalism? A Thiel-backed startup says yes, even if it risks chilling whistleblowers Coming soon: 10 Things That Matter in AI Right Now DARPA built an AI to fact-check enemy weapons claims What explains heterogeneity in AI adoption? When AI Meets Muscle: Context-Aware Electrical Stimulation Promises a New Way to Guide Human Movements - Department of Computer Science AI Changed How We Build. It Did Not Change What Matters. Linux rules on using AI-generated code - Copilot is OK, but humans must take 'full responsibility for theโ€ฆ Meta spins up AI version of Mark Zuckerberg to engage with employees Code Mode: Let Your AI Write Programs, Not Just Call Tools | TanStack Blog GitHub - Delavalom/graft: Go framework for building AI agents. Type-safe tools, multi-provider (OpenAI, Anthropic, Gemini, Bedrock), zero vendor SDKs. India's TCS tops estimates, says new AI models did not dent services demand Gen Z's fading AI hype Strong feeling: we are in a folded AI reality GitHub - machinarii/total-recall-catalog: A reference catalog of latest knowledge retrieval, memory & RAG systems GitHub - mensfeld/code-on-incus: Give each AI agent its own isolated machine with root, Docker, and systemd. Active defense detects and stops threats automatically.. Quantization, LoRA, and the 8% Problem: Benchmarking Local LLMs for Production AI Iran war: We spoke to the man making Lego-style AI videos that experts say are powerful propaganda Powell, Bessent discussed Anthropic's Mythos AI cyber threat with major U.S. banks GitHub - immartian/bellamem: Persistent belief-graph memory for AI agents. Retrieves decisive context by importance โ€” not recency, not RAG, not /compact. recursive-mode: The Repo-Native Operating System for AI Engineering After the attack on Sam Altman's home, will AI CEO's go on the offensive? The biggest advance in AI since the LLM Opus 4.6 vs GPT 5.4 One Prompt Unity World Generation Test โ€œAI pollsโ€ are fake polls Client Challenge Can AI be a 'child of God'? Inside Anthropic's meeting with Christian leaders How to Switch AI Chatbots and Why You Might Want To GitHub - MattMessinger1/agentic_refund_guardrail: Safe refund policy layer for AI agents โ€” Python + TypeScript. Same behavior, shared tests. Adam/papers/emergent_values_whitepaper.md at master ยท strangeadvancedmarketing/Adam Ask HN: How do you stop playing 20 questions with your AI coding tools How far can automation and AI support psychotherapy? - @theU GitHub - stagas/rtdiff: realtime git diff gui and AI-assisted commits A Mac Studio for Local AI โ€” 6 Months Later A History of the Early Years of AI at the University of Edinburgh Why AI Coding Tools Still Feel Stuck on Localhost MSN AI Datacenters Are Becoming Strategic Targets twitter.com Penn Researchers Use AI to Surface Unreported GLP-1 Side Effects in Reddit Posts Show HN: MoodSense AI (ML and FastAPI and Gradio, Deployed on Hugging Face) Moodsense Ai - a Hugging Face Space by aman179102 AI models are terrible at betting on soccerโ€”especially xAI Grok GitHub - xialeistudio/echoic GitHub - HimashaHerath/github-dev-wrapped: AI-powered weekly GitHub activity reports deployed to GitHub Pages GitHub - alejandrobalderas/claude-code-from-source: Architecture, patterns & internals of Anthropic's AI coding agent โ€” reverse-engineered from source maps AI and Tech brief: Ireland ascendant GitHub - Titovilal/context0: Context0 - Never Surrender Training for a Marathon with an AI Coach: What Worked and What Didn't Cyber Pulse: Agentic Intel - Apps on Google Play I Built an AI PR Reviewer That Catches Bugs by Not Looking for Bugs Gen Z workers are so fearful AI will take their job theyโ€™re intentionally sabotaging their companyโ€™s AI rollout | Fortune How AI Is Reimagining the Game of Golfโ€“For Both Players and Courses GitHub - nattergabriel/reseed: A CLI tool for managing and distributing agent skills across projects Is SVG the final frontier? My AI workflow evolved from prompts to a near-autonomous workflow MLSharp Help - 3DGS Viewer & Generator I put my cognitive field based AI's runtime on GitHub Is Numble the first AI-proof game? A3: Kubernetes for autonomous AI agent fleets | Emergent Principles Deepali Vyas ("The Elite Recruiter") GitHub - msmarkgu/RelayFreeLLM: A restful API designed to route user prompts to various AI model providers. Unionized ProPublica staff are on strike over AI, layoffs, and wages Unleashing the Advantage of Quantum AI We're heading for an AI-fueled 'dementia crisis,' brain scientist warns The AI-Assisted Breach of Mexico's Government Infrastructure [pdf] GitHub - stef41/lmscan: ๐Ÿ” Detect AI-generated text and fingerprint which LLM wrote it. Open-source GPTZero alternative. Zero dependencies, works offline. MSN GitHub - visionscaper/collabmem: Enabling long-term collaboration with Agentic AI - building up episodic and world model memory over time with in-context awareness We gave an AI a 3 year retail lease in SF and asked it to make a profit | Andon Labs AI Code is Hollowing Out Open Source, and Maintainers are Looking the Other Way What leaked "SteamGPT" files could mean for the PC gaming platform's use of AI AI is the boss at this retail store. What could go wrong? GitHub - Wuzu11517/agentic-proxy: Local proxy meant to help reduce With Drones, Geophysics and ArtificiaI Intelligence, Researchers Prepare to Do Battle Against Land Mines A Single Operator, Two AI Platforms, Nine Government Agencies: The Full Technical Report ๅœจ Steam ไธŠ่ดญไนฐ FriedrichAI: Offline AI ็ซ‹็œ 10% GitHub - inevolin/resume-cli: Hit Claude usage limits? Resume any AI coding session elsewhere. Switch tools at zero friction. GitHub - atripati/ark: AI Runtime Kernel โ€” a context operating system for AI agents. Eliminates tool bloat, loads only whatโ€™s needed, and gives LLMs their reasoning space back. How to Build a Secure AI PR Reviewer with Claude, GitHub Actions, and JavaScript This Startup Wants You to Pay Up to Talk With AI Versions of Human Experts Intel Arc Pro B70 Brings 32GB VRAM to Local AI for $949 WordPress 7.0: The Good, the AI, and the Still Missing AI on the couch: Anthropic gives Claude 20 hours of psychiatry IatroBench: Pre-Registered Evidence of Iatrogenic Harm from AI Safety Measures AI Agents Know About Supabase. They Don't Always Use It Right. The history and future of AI at Google, with Sundar Pichai Inside an AIโ€‘enabled device code phishing campaign How Meta Used AI to Map Tribal Knowledge in Large-Scale Data Pipelines AI for Systems: Using LLMs to Optimize Database Query Execution Forecasting the Economic Effects of AI Introducing Tinker: Play with AI, bring your ideas to life AI sheds light on an ancient gaming mystery People really hate AI but not as much as Iranโ€”or Democrats | Fortune What is an AI Product Engineer? Phoebe Gates wants her $185 million AI startup to succeed with 'no ties to my privilege or my last name': 'I have a chip on my shoulder' | Fortune
GitHub - Katherine-Holland/ClaudeCoworkGuard: A MacOS menu bar app and Chrome extension
coworkguard ยท 2026-04-23 ยท via Hacker News - Newest: "AI"

CoworkGuard ๐Ÿ›ก๏ธ

A firewall for AI agents.

AI agent tools โ€” Claude, Cursor, GitHub Copilot, ChatGPT, Gemini โ€” operate with full access to your environment. Every file, browser session, and credential is in scope. None of them provide a native audit trail, payload scanner, or data loss prevention layer.

CoworkGuard adds that layer. It sits between your machine and every major AI API, scanning outbound payloads in real time, blocking sensitive data before it leaves, and keeping a local audit log of everything that passes through.

No cloud dependency. No accounts. Everything runs on your own machine.

Proven in the wild: Within 48 hours of Claude Cowork's launch, researchers demonstrated a Word document with hidden white text could exfiltrate partial Social Security numbers via the Anthropic API. CoworkGuard intercepted and blocked a live SSN payload in testing โ€” the same scanner runs across all 10 monitored AI endpoints.


Monitored AI endpoints

Provider Endpoint Tools covered
Anthropic โญ api.anthropic.com Claude Cowork, Claude Code, Claude in Chrome
OpenAI api.openai.com ChatGPT, GPT-4, Assistants API
Google generativelanguage.googleapis.com Gemini
Perplexity api.perplexity.ai Perplexity
Cursor api.cursor.sh Cursor IDE
GitHub copilot-proxy.githubusercontent.com GitHub Copilot
Mistral api.mistral.ai Mistral
Cohere api.cohere.com Cohere
Groq api.groq.com Groq
xAI api.x.ai Grok

Why this exists

Every AI agent tool operates with the same permissions you have โ€” your browser session, your files, your credentials are all in scope. There is no native audit trail, no payload scanner, and no warning when sensitive data is about to leave your machine.

This isn't a theoretical risk. Prompt injection, data exfiltration via hidden document content, and MCP supply chain attacks are all documented vectors. CoworkGuard is the DLP layer that AI agent tools don't ship with.


Features

Feature Description
Payload scanner 48 patterns detecting PII, secrets, and internal data in every outbound request
Active blocking Configurable by severity โ€” CRITICAL threats blocked by default, HIGH/MEDIUM toggleable
Skill scanner Watch mode scanner for Cowork, OpenClaw, and MCP skills โ€” detects supply chain attacks, obfuscated payloads, and excessive permissions before a skill executes
Domain guard In-page warning banner + Chrome notification when a Claude session is active and you navigate to a sensitive domain
Live audit log Real-time JSONL log of every intercepted request, with filterable dashboard view
Threat detail modal Click any log entry to see full finding breakdown โ€” severity, type, redacted preview
Payload trend chart 24-hour bar chart showing data volume sent per hour, colour-coded by worst action
Settings panel Toggle block levels, add custom patterns and domains โ€” no config file editing required
Menubar app Native macOS menubar app โ€” start/stop protection with one click, no terminal required
Zero cloud dependency Everything runs locally. No accounts, no telemetry, no data leaves your machine

What it detects

PII

Pattern Severity
Social Security Number CRITICAL
Credit card number CRITICAL
Date of birth MEDIUM
Email address MEDIUM
Phone number (US) MEDIUM
Passport number MEDIUM
IP address MEDIUM

Auth / Secrets

Pattern Severity
Private key (RSA/EC/OpenSSH) CRITICAL
AWS access key CRITICAL
Anthropic API key CRITICAL
OpenAI API key CRITICAL
GitHub token HIGH
JWT HIGH
Bearer token HIGH
Stripe live key HIGH
Slack token HIGH
Google API key HIGH
HTTP Basic Auth header HIGH
AWS secret (inline) CRITICAL

Internal / Corporate

Pattern Severity
Private IP URL (10.x, 192.168.x, 172.16-31.x) MEDIUM
VPN / intranet hostname (.internal, .corp, .lan) MEDIUM
.env file values (DB_PASSWORD, SECRET_KEY, etc.) HIGH
Database connection string (PostgreSQL, MySQL, MongoDB, Redis) HIGH

Skill supply chain (skill_scanner.py)

Pattern Severity
eval() / dynamic code execution CRITICAL
Subprocess / shell execution CRITICAL
SSH key filesystem access CRITICAL
AWS credentials filesystem access CRITICAL
Keychain access CRITICAL
MCP full filesystem permission CRITICAL
MCP shell access CRITICAL
Base64 / hex obfuscation HIGH
Outbound fetch/curl to non-AI domains HIGH
WhatsApp / Telegram / Slack / Discord exfiltration HIGH
Persistence via LaunchAgent / bashrc HIGH
MCP sandbox disabled HIGH

Architecture

Browser / AI Agent Tools
(Claude Cowork ยท Cursor ยท ChatGPT ยท Copilot ยท Gemini ยท Perplexityโ€ฆ)
         โ”‚
         โ–ผ
 โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”      โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
 โ”‚  mitmdump    โ”‚โ”€โ”€โ”€โ”€โ”€โ–ถโ”‚  scanner.py  (Detection engine) โ”‚
 โ”‚  proxy.py    โ”‚      โ”‚  โ€ข 48 severity-scored patterns   โ”‚
 โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜      โ”‚  โ€ข Payload hash (never raw)      โ”‚
         โ”‚              โ”‚  โ€ข Redacted finding previews     โ”‚
         โ”‚              โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
         โ–ผ
 api.anthropic.com  โ•ฎ
 api.openai.com     โ•Ÿโ”€โ”€ allowed, or 403 BLOCKED
 + 8 more AI APIs  โ•ฏ

 โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
 โ”‚  server.py   โ”‚  Flask local API โ€” serves dashboard, reads logs,
 โ”‚  :7070       โ”‚  detects processes, persists settings
 โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
         โ”‚
         โ–ผ
 โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
 โ”‚ dashboard    โ”‚  Live audit log ยท Payload trend chart
 โ”‚ .html        โ”‚  Threat detail modal ยท Settings panel
 โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜

 โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
 โ”‚  skill_scanner.py                                    โ”‚
 โ”‚  Watch mode ยท Scans Cowork / OpenClaw / MCP skills   โ”‚
 โ”‚  28 patterns ยท macOS notifications ยท JSONL audit log โ”‚
 โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜

 โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
 โ”‚  CoworkGuard.app (macOS menubar)     โ”‚
 โ”‚  One-click start/stop ยท No terminal  โ”‚
 โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜

 Chrome Extension (parallel layer)
 โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
 โ”‚ background.js  Session detection, API watchโ”‚
 โ”‚ content.js     In-page warning banners     โ”‚
 โ”‚ manifest.json  Manifest V3                 โ”‚
 โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜

File Structure

coworkguard/
โ”œโ”€โ”€ install.sh              # One-time installer (terminal approach)
โ”œโ”€โ”€ start.sh                # Start CoworkGuard + enable proxy
โ”œโ”€โ”€ stop.sh                 # Stop CoworkGuard + restore internet
โ”œโ”€โ”€ checker.sh              # Startup checker โ€” detects broken proxy state
โ”œโ”€โ”€ scanner.py              # Core PII/secret detection engine (proprietary)
โ”œโ”€โ”€ skill_scanner.py        # Skill supply chain scanner โ€” watch mode
โ”œโ”€โ”€ proxy.py                # mitmproxy interceptor script
โ”œโ”€โ”€ server.py               # Local Flask API server for dashboard
โ”œโ”€โ”€ dashboard.html          # Audit dashboard UI
โ”œโ”€โ”€ domains.json            # Shared sensitive domains list
โ”œโ”€โ”€ README.md
โ”œโ”€โ”€ tests/
โ”‚   โ”œโ”€โ”€ test_coworkguard.py # 71 tests for scanner.py
โ”‚   โ””โ”€โ”€ test_skill_scanner.py # 56 tests for skill_scanner.py
โ”œโ”€โ”€ docs/                   # GitHub Pages โ€” public site
โ”‚   โ”œโ”€โ”€ index.html          # Landing page
โ”‚   โ”œโ”€โ”€ privacy.html        # Privacy policy
โ”‚   โ””โ”€โ”€ support.html        # Support & setup guide
โ”œโ”€โ”€ menubar-app/            # Native macOS menubar app (Tauri)
โ”‚   โ”œโ”€โ”€ src-tauri/
โ”‚   โ”‚   โ”œโ”€โ”€ src/main.rs     # Rust backend โ€” process management, proxy toggle
โ”‚   โ”‚   โ”œโ”€โ”€ Cargo.toml
โ”‚   โ”‚   โ””โ”€โ”€ tauri.conf.json
โ”‚   โ””โ”€โ”€ src/index.html      # First-run setup wizard
โ””โ”€โ”€ chrome-extension/
    โ”œโ”€โ”€ manifest.json       # Manifest V3
    โ”œโ”€โ”€ popup.html          # Toolbar popup โ€” live stats + recent events
    โ”œโ”€โ”€ background.js       # Service worker โ€” detection + monitoring
    โ”œโ”€โ”€ content.js          # In-page warning banner injection
    โ””โ”€โ”€ icons/

Quick Start

Option 1 โ€” macOS Menubar App (recommended)

Download CoworkGuard_1.0.0_aarch64.dmg from the latest release.

  1. Open the .dmg and drag CoworkGuard to Applications
  2. Open CoworkGuard โ€” a shield icon appears in your menubar
  3. Complete the one-time setup wizard (generates and trusts the certificate)
  4. Click the shield โ†’ Start Protection

That's it. No terminal required.

Then install the Chrome extension from the Chrome Web Store.

Option 2 โ€” Terminal installer

curl -sSL https://raw.githubusercontent.com/Katherine-Holland/ClaudeCoworkGuard/main/install.sh | bash

Daily Use

Menubar app

Click the shield icon in your menubar โ†’ Start Protection / Stop Protection.

Skill scanner

# Watch mode โ€” runs in background, scans skills as they arrive
python3 skill_scanner.py

# Scan a specific skill file
python3 skill_scanner.py path/to/SKILL.md

Requires pip install watchdog for watch mode. Falls back to polling if not installed.

Terminal

~/CoworkGuard/start.sh   # Start protection
~/CoworkGuard/stop.sh    # Stop protection + restore internet

Important: Always stop CoworkGuard when done. If your Mac restarts with protection on, CoworkGuard will alert you automatically and offer to fix it.


Configuration

All settings are available through the dashboard at http://localhost:7070 โ€” no config file editing needed.

Setting Default Description
Block Critical โœ… On SSNs, credit cards, private keys, raw API keys
Block High โŒ Off JWTs, bearer tokens, GitHub tokens, Stripe keys
Block Medium โŒ Off Emails, phone numbers, IP addresses
Domain Alerts โœ… On Warn when navigating to sensitive domains while a Claude session is active
Proxy Port 8080 Port mitmdump listens on
Max Log Entries 1000 Audit log rotation limit
Custom Patterns โ€” Your own regex patterns, applied at MEDIUM severity
Custom Domains โ€” Additional domains to monitor

Audit Logs

Logs are written to ~/.coworkguard/logs/ โ€” one JSONL file per day.

API traffic (audit_YYYYMMDD.jsonl):

{
  "timestamp": "2026-03-26T15:09:05Z",
  "url": "https://api.anthropic.com/v1/messages",
  "method": "POST",
  "action": "BLOCKED",
  "blocked": true,
  "payload_hash": "f6ca59cf600f565f",
  "payload_size_bytes": 1842,
  "finding_count": 2,
  "findings": [
    { "type": "SSN", "severity": "CRITICAL", "preview": "12*******89", "blocked": true },
    { "type": "EMAIL", "severity": "MEDIUM", "preview": "jo****@****.com", "blocked": false }
  ]
}

Skill scans (skill_scan_YYYYMMDD.jsonl):

{
  "timestamp": "2026-03-26T15:09:05Z",
  "type": "SKILL_SCAN",
  "file_path": "/Users/katherine/.openclaw/workspace/skills/helper/SKILL.md",
  "skill_type": "OPENCLAW",
  "action": "BLOCKED",
  "risk_score": 85,
  "finding_count": 2,
  "findings": [
    { "type": "EVAL_EXEC", "severity": "CRITICAL", "line": 12, "blocked": true },
    { "type": "FETCH_EXTERNAL", "severity": "HIGH", "line": 15, "blocked": false }
  ]
}

Raw payload and file content is never stored.


Sensitive Domains (built-in)

console.aws.amazon.com ยท app.datadoghq.com ยท grafana.* ยท jenkins.* ยท gitlab.* ยท github.com ยท jira.* ยท confluence.* ยท notion.so ยท linear.app ยท stripe.com/dashboard ยท mail.google.com ยท outlook.* ยท workday.com ยท bamboohr.* ยท salesforce.com ยท hubspot.com

Add your own in the Settings panel.


Roadmap

Immediate

  • Chrome Web Store approval โ€” resubmitted

Post-launch (v1.x)

  • Skill scanner โ€” โœ… shipped โ€” watch mode, 28 patterns, 56 tests passing
  • Mac App Store distribution (menubar app)
  • Windows support
  • Firefox extension
  • OTel exporter โ€” pipe findings to Grafana/Datadog/SIEM
  • Enterprise managed policy support
  • Webhook alerts โ€” POST to Slack/Teams when a request is blocked
  • .pkg installer

CoworkGuard Shield (v2) โ€” enterprise

CoworkGuard Shield (v2) extends protection from the network layer to the endpoint layer โ€” runtime behaviour monitoring, MCP server vetting, and centralised team visibility. Enterprise pricing. Contact littlerobinagency@gmail.com for early access.


Security

CoworkGuard never sends data externally. The proxy runs on localhost:8080, the server on localhost:7070, and the Chrome extension communicates only with these local endpoints.

For security disclosures, please open a private GitHub issue.


License

MIT with Commons Clause โ€” ยฉ 2026 Katherine Weston. All rights reserved.

  • CoworkGuard is free for personal and internal non-commercial use
  • You can fork and modify for personal use
  • Cowork Guard cannot be sold, hosted as a service, or bundled into a commercial product without a separate license.

For commercial licensing or acquisition enquiries: littlerobinagency@gmail.com

See LICENSE for full terms.

CoworkGuard is built on open source components: mitmproxy, Flask, Tauri.