Hand any window to your AI agent.
A tiny menu bar utility that gives local MCP clients a way to see your screen on demand — loopback only, bearer-authenticated, ScreenCaptureKit under the hood. Skip the screenshot-and-paste dance entirely.
macOS 14 Sonoma or laterThe wedge
Today, asking an AI “what’s on my Calculator screen?” means:
⌘⇧4 → switch to Claude → paste image → type the question → wait.
With peek installed and the MCP endpoint wired into your client, it’s:
Ask Claude in natural language. That’s it.
No app-switching, no focus theft, no manual screenshot. The agent doesn’t need to know anything about your window manager — it asks peek for pixels, peek hands back a PNG.
Features
Menu bar first
Lives in your menu bar. No Dock icon, no clutter, no foreground window stealing focus.
Loopback MCP server
HTTP/JSON-RPC on 127.0.0.1:11474, bearer-token auth from the Keychain. The listener is bound with acceptLocalOnly — no external interfaces, ever.
ScreenCaptureKit, not Accessibility
Peek reads pixels via SCShareableContent and SCScreenshotManager. It composites occluded windows without raising them. No Accessibility entitlement means no extra macOS trust prompts and no quagmire of AX-permission carve-outs in MDM.
Three MCP tools
list_windows, capture_window (by id), and capture_app (frontmost window of a named app). Returns standard MCP image content blocks — any client that handles images just works.
Click-to-clipboard menu
The click is the consent — pick any running app from the menu and a fresh PNG of its frontmost window lands on your pasteboard. The human path bypasses the MCP token entirely.
Per-app trust gates
First MCP-driven capture of a new app pops an Allow / Deny / Always-Allow prompt. Trust decisions live in user defaults and are revocable from Settings. The bearer token is gate one; per-app approval is gate two.
Sandbox-clean
App Sandbox on, hardened runtime on, one non-default entitlement: com.apple.security.network.server. App Store-shippable shape from day one.
Managed for fleets
Every behaviour can be locked or scoped from MDM via com.oldsalt.peek.plist — allow/deny app lists, MCP kill switch, title redaction, master enable. Settings reflect every active policy with a lock icon.
Wire it into your MCP client
Open peek, click the menu bar icon, hit Copy Claude Desktop config. Paste into your client’s MCP config. Restart the client.
{
"mcpServers": {
"peek": {
"url": "http://127.0.0.1:11474",
"headers": {
"Authorization": "Bearer <token from peek's menu>"
}
}
}
}
This works directly with Claude Code, Cursor, and any client that speaks streamable-HTTP MCP. Claude Desktop currently requires the stdio transport — a bridge for that is on the roadmap. The same menu also has Test connection, Copy token, and Regenerate token for rotating the bearer when you need to.
Built for fleets
Every setting can be locked and enforced by IT through a single managed preferences plist:
/Library/Managed Preferences/com.oldsalt.peek.plist
Deploy through JAMF, Mosyle, Kandji, Intune, or any MDM that pushes preference domains. Keys in the managed domain override the user’s preference and lock the corresponding UI. Highlights:
enabled— master kill switch.mcpServerEnabled— whether the loopback MCP listener starts at all.allowedApps/deniedApps— restrict captureable apps by bundle ID. Denies always win.redactWindowTitles— strip titles fromlist_windowsoutput (some titles leak document names).disableQuit— remove Quit from the menu bar menu.
Common questions
How is peek different from Shottr, CleanShot, or ⌘⇧4?
Those are for humans clicking a shortcut and pasting into a chat. Peek is for AI agents — it exposes window enumeration and capture as MCP tools so an agent can ask “what’s in Calculator?” and get a fresh PNG over loopback without you doing anything. The click-to-clipboard menu is included for human convenience, but the wedge is the MCP path.
Does peek raise or focus windows when capturing?
No. ScreenCaptureKit composites window pixels off-screen — peek can capture occluded windows, background-Space windows, and (often) minimized windows without disturbing what’s on your display. No Accessibility entitlement is required because peek never manipulates windows; it only reads pixels.
Where does the MCP server listen, and how is it authenticated?
127.0.0.1:11474, JSON-RPC over HTTP, bearer-token authenticated. The token is generated on first launch, stored in the Keychain with after-first-unlock accessibility, and surfaced in the menu so you can copy it into your client config. Loopback is enforced at the listener level — peek’s sandbox entitlement is network.server only, and the listener binds with acceptLocalOnly=true.
Will peek work with Claude Desktop?
Today peek works directly with any MCP client that supports the streamable-HTTP transport — Claude Code, Cursor, and similar. Claude Desktop’s claude_desktop_config.json currently only accepts stdio-transport entries; a stdio bridge (via the mcp-remote npm proxy) is on the roadmap. Until that lands, Claude Desktop users can configure the bare URL but will see a warning that the entry was skipped.
Can IT teams deploy peek via MDM?
Yes — through the managed preferences plist com.oldsalt.peek.plist, deployable from JAMF, Mosyle, Kandji, Intune, or any MDM that pushes preference domains. Same pattern as the sibling niacin app. Keys present in the managed domain override user preferences and lock the corresponding UI control.
Is the captured image stored anywhere?
No. Captures are composited on demand, returned to the requesting MCP client, and not persisted to disk by peek. The click-to-clipboard menu writes to the pasteboard only — once you copy something else, the capture is gone.
Get peek
peek is free and open source. Grab the latest signed, notarized release from GitHub.