Support

Getting started.

Two ways to install — menubar app (no terminal) or command line. Both take under five minutes.

⚙

Menubar App

Download, install, and start protecting your AI sessions with one click. No terminal.

View guide →

ⓘ

FAQ

Answers to common questions about how CoworkGuard works.

View FAQ →

✉

Report an Issue

Found a bug or have a feature request? Open an issue on GitHub.

Get in touch →

Setup Guide

CoworkGuard has two components — the Chrome extension (domain warnings and popup) and the local proxy stack (payload scanning and dashboard). The extension works immediately after install. The proxy requires a one-time setup.

Prerequisites

macOS 12 (Monterey) or later, Python 3.11+, and the following packages installed:

pip install -r requirements.txt

This installs mitmproxy, flask, flask-cors, psutil, and watchdog. If you use the menubar app, the setup wizard handles the certificate — no terminal needed for that step.

Option 1 — macOS Menubar App (recommended)

Download CoworkGuard

Download CoworkGuard_1.0.0_aarch64.dmg

Install the app

Open the .dmg file and drag CoworkGuard to your Applications folder. Then open it — a shield icon appears in your menubar.

Note: CoworkGuard is code signed and notarised — it should open cleanly with no Gatekeeper warning. If you downloaded an older version and see a "damaged" warning, open Terminal and run:

xattr -cr /Applications/CoworkGuard.app

Complete setup

A setup wizard opens automatically on first launch. It generates and trusts the security certificate in one step — enter your Mac password once when prompted. This never needs to be done again.

Start protection

Click the shield icon in your menubar → Start Protection. The dashboard opens automatically at localhost:7070. Click Stop Protection when you are done.

Install the Chrome extension

Install CoworkGuard from the Chrome Web Store. The toolbar icon shows protection status and recent events immediately.

Option 2 — Terminal installer

Run the installer

Open Terminal and run:

curl -sSL https://raw.githubusercontent.com/Katherine-Holland/ClaudeCoworkGuard/main/install.sh | bash

Installs dependencies, downloads CoworkGuard, and sets up the certificate. One-time only.

Start and stop

~/CoworkGuard/start.sh   # Start protection
~/CoworkGuard/stop.sh    # Stop + restore internet

Always run stop.sh when done — if you forget and restart your Mac, CoworkGuard will alert you automatically.

Frequently Asked Questions

Does CoworkGuard send any data externally?

No. Everything runs on localhost. The proxy, scanner, dashboard server, and Chrome extension all communicate only with your own machine. Raw payload content is never stored — only SHA-256 hashes and redacted previews are written to disk.

Will the proxy break other websites?

CoworkGuard only intercepts and scans requests to the 10 monitored AI API endpoints — Anthropic, OpenAI, Gemini, Cursor, GitHub Copilot, Mistral, Perplexity, Cohere, Groq, and xAI. All other traffic passes through transparently, including your normal browsing, banking, email, and any other sites. If you experience issues with a specific site, you can temporarily disable the system proxy in Network settings or click Stop Protection in the menubar app.

What happens when a request is blocked?

The proxy returns a 403 response with a JSON error explaining what was detected. Claude will show an error in the UI. The request is logged in your audit trail with the type of finding and a redacted preview — the raw content is never stored.

Can I add my own detection patterns?

Yes. Open the dashboard at localhost:7070, go to Settings, and add custom regex patterns under Custom Patterns. They are applied at Medium severity and take effect immediately without restarting the proxy.

Does it work without the proxy running?

Partially. The Chrome extension's domain guard and popup work independently — you will still get in-page warnings when navigating to sensitive domains while an AI session is active. The payload scanner and audit log require the proxy to be running.

Which macOS versions are supported?

CoworkGuard works on macOS 12 (Monterey) and later. The proxy requires Python 3.9+. The Chrome extension requires Chrome 116+. Windows support is planned — the Python proxy and scanner run cross-platform but the native menubar app is currently macOS only.

What is the skill scanner?

The skill scanner runs automatically when you start protection. It watches your filesystem for new AI agent skill files — Cowork skills, OpenClaw skills, and MCP configs — and scans them for security risks before they execute. It detects obfuscated code, unauthorised network calls, credential harvesting, and excessive permission requests. Findings are logged to ~/.coworkguard/logs/skill_scan_YYYYMMDD.jsonl and shown in the Skills tab of the dashboard. Use Quiet Mode in the menubar to suppress macOS notifications while still logging findings.

Is the source code available?

Yes — CoworkGuard is open source on GitHub under MIT with Commons Clause. You can audit every line of the scanner, proxy, and extension code.

Still need help?

If you have found a bug, have a feature request, or need help with setup, please open an issue on GitHub. Include your macOS version, Python version, and a description of what you are seeing.

For security disclosures, please open a private GitHub issue rather than a public one.

Open an issue on GitHub