Now on Chrome Web Store

A local firewall for AI agents.

Many AI agent tools can operate with broad access to local files, browser sessions, and outbound requests depending on configuration. Most do not provide a local, developer-controlled payload scanner or outbound data-loss-prevention layer. CoworkGuard adds that missing local checkpoint.

Step 1: Download & Install
CoworkGuard_1.0.1_aarch64.dmg (macOS 12+ · Apple Silicon)

Step 2: Add Chrome Extension
Domain warnings · Popup status · Works with or without the app

After downloading: open the .dmg → drag to Applications → open CoworkGuard → follow setup wizard

If macOS says "damaged": open Terminal and run xattr -cr /Applications/CoworkGuard.app

Free · Open source · No account required · All data stays on your machine

Why this matters

Recent security research has shown that hidden or injected instructions in documents, tool outputs, and other untrusted content can cause AI agents to include sensitive data in outbound API requests without obvious user awareness. Because those requests are sent to legitimate AI endpoints, they can look normal at the network layer. CoworkGuard adds a local inspection and blocking layer before that data leaves your machine.

10 AI APIs monitored · 76 detection patterns · 100% runs locally · 0 data sent externally
Coverage

One local proxy that scans and blocks sensitive data before it leaves your machine.
Many common AI workflows.

CoworkGuard monitors outbound requests across supported AI API endpoints used by popular coding and assistant tools.

Provider · API endpoint · Tools covered
OpenAI · api.openai.com · ChatGPT, GPT-4, Assistants API
Google · generativelanguage.googleapis.com · Gemini
Cursor · api.cursor.sh · Cursor IDE
GitHub · copilot-proxy.githubusercontent.com · GitHub Copilot
Mistral · api.mistral.ai · Mistral
Perplexity · api.perplexity.ai · Perplexity
Cohere · api.cohere.com · Cohere
Groq · api.groq.com · Groq
xAI · api.x.ai · Grok

A local audit layer for AI agent traffic.

One local proxy for supported AI API traffic, with visibility into what leaves your machine.

Universal Payload Scanner
Outbound requests to supported AI API endpoints are scanned against configurable detection patterns for secrets, credentials, private keys, internal URLs, and common forms of PII before they leave your machine.
Domain Guard
When an AI agent is active, an in-page warning appears the moment you navigate to a sensitive domain — AWS Console, Gmail, GitHub, Stripe, Salesforce, and 15 others.
Unified Audit Log
A single timestamped, filterable record of intercepted requests across supported providers. Built for developers who want a local audit trail under their own control.
Payload Trend Chart
A 24-hour view of data volume sent across monitored AI APIs, colour-coded by risk level. See which tools are sending the most data and when.
Configurable Blocking
Toggle blocking independently for Critical, High, and Medium severity. Add your own regex patterns for internal data formats. No configuration files to edit.
No Cloud Dependency
Everything runs on localhost. No accounts, no telemetry, no analytics. Raw content is never stored — only SHA-256 hashes and redacted previews are written to disk.
Skill Scanner
Watch mode can scan local agent skills, plugins, and MCP-connected tools for obfuscated code, suspicious network calls, filesystem access, and permission-escalation patterns before execution.

76 patterns across every common vector.

From personal data to suspicious tool behavior, scanned at the network layer and during local skill review.

Critical — blocked by default
SSN, Credit Card, Private Key, AWS Key, Anthropic Key, GCP Service Account, Azure Connection String, Certificate, AWS Secret, MCP Credential
High — flagged, optionally blocked
OpenAI Key, Hugging Face, Groq, xAI, Replicate, Perplexity, JWT, Bearer Token, GitHub Token, GitLab Token, Stripe Key, Slack Token, SendGrid, npm Token, Firebase, DB Connection, OAuth Token, Mistral, Cohere, Twilio, Supabase, Datadog, Vercel / Netlify, .env values
Medium — flagged
Email address, Phone number, Date of birth, Passport number, IP address, Internal URL, VPN hostname
Skill supply chain — scanned before execution
eval() / exec(), Subprocess / shell, Base64 obfuscation, Hex obfuscation, External fetch / curl, SSH key access, AWS credentials, Keychain access, WhatsApp / Telegram exfil, Slack / Discord exfil, MCP full filesystem, MCP shell access, LaunchAgent persistence

A privacy tool that guards its own data too.

CoworkGuard was built on a straightforward principle: a privacy tool that collects data about you is not a privacy tool. Everything it does happens on localhost, and the design reflects that from the ground up.

No cloud dependency. The proxy, scanner, and dashboard all run on your own machine.
No raw content stored. Only SHA-256 hashes and redacted previews are written to disk.
No telemetry or analytics. Zero data leaves your device.
No account required. Install it and it works.
Open source. Every line is auditable on GitHub.

Request flow — supported AI API endpoints
AI Agent Tool
CoworkGuard scanner
├─ SSN detected → BLOCKED
├─ JWT found → FLAGGED
└─ Clean → ALLOWED
Allowed requests only
AI API endpoint
Audit log → ~/.coworkguard/logs/
Tagged by provider. Stored locally. Never transmitted.
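
The request flow above (scan the outbound body, decide BLOCKED / FLAGGED / ALLOWED by severity, then log only a SHA-256 hash and a redacted preview) can be sketched as follows. This is an added illustration, not CoworkGuard's code; the four regexes, the function names and the record fields are assumptions chosen for the example.

```python
import hashlib
import json
import re
from datetime import datetime, timezone

# Illustrative patterns only (assumed, simplified); not CoworkGuard's rule set.
PATTERNS = [
    ("critical", "SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("critical", "Private Key", re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")),
    ("high", "JWT", re.compile(r"\beyJ[\w-]{8,}\.[\w-]{8,}\.[\w-]{8,}")),
    ("medium", "Email address", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
]
# Mirrors the page's defaults: Critical blocked, High and Medium only flagged.
BLOCK = {"critical": True, "high": False, "medium": False}

def scan(payload: str):
    """Return (severity, label, start, end) for every match in the payload."""
    return [(sev, label, m.start(), m.end())
            for sev, label, rx in PATTERNS for m in rx.finditer(payload)]

def redact(payload: str, findings, width: int = 80) -> str:
    """Replace matched spans with a label, then truncate to a short preview."""
    out, pos = [], 0
    for _, label, start, end in sorted(findings, key=lambda f: f[2]):
        if start >= pos:  # spans overlapping an earlier match are dropped, not echoed
            out += [payload[pos:start], f"[{label} REDACTED]"]
        pos = max(pos, end)
    out.append(payload[pos:])
    return "".join(out)[:width]

def inspect(provider: str, payload: str, block=BLOCK) -> dict:
    """Decide BLOCKED / FLAGGED / ALLOWED and build a log record without raw content."""
    findings = scan(payload)
    decision = ("BLOCKED" if any(block[sev] for sev, *_ in findings)
                else "FLAGGED" if findings else "ALLOWED")
    return {
        "ts": datetime.now(timezone.utc).isoformat(),
        "provider": provider,
        "decision": decision,
        "findings": sorted({f"{sev}:{label}" for sev, label, *_ in findings}),
        "sha256": hashlib.sha256(payload.encode()).hexdigest(),
        "preview": redact(payload, findings),
    }

if __name__ == "__main__":
    # Constructed sample payloads, not captured traffic.
    for body in ('{"prompt": "my SSN is 123-45-6789"}', '{"prompt": "summarise this"}'):
        print(json.dumps(inspect("api.openai.com", body)))
```

Passing a different `block` mapping to `inspect` models the per-severity blocking toggles described under Configurable Blocking.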

A local privacy layer for AI agents.

Download the macOS app or install the Chrome extension. Free, open source, no account required.
