Hand any window to your AI agent.

A tiny menu bar utility that gives local MCP clients a way to see your screen on demand — loopback only, bearer-authenticated, ScreenCaptureKit under the hood. Skip the screenshot-and-paste dance entirely.

Download latest release
macOS 14 Sonoma or later

The wedge

Today, asking an AI “what’s on my Calculator screen?” means:

⌘⇧4 → switch to Claude → paste image → type the question → wait.

With peek installed and the MCP endpoint wired into your client, it’s:

Ask Claude in natural language. That’s it.

you → “what number is on my Calculator?” claudepeek.capture_app({ name: “Calculator” }) peek → SCK composites window 4081 off-screen, returns 89 KB PNG claude → “Your Calculator shows 777,777.”

No app-switching, no focus theft, no manual screenshot. The agent doesn’t need to know anything about your window manager — it asks peek for pixels, peek hands back a PNG.

Features

Menu bar first

Lives in your menu bar. No Dock icon, no clutter, no foreground window stealing focus.

Loopback MCP server

HTTP/JSON-RPC on 127.0.0.1:11474, bearer-token auth from the Keychain. The listener is bound with acceptLocalOnly — no external interfaces, ever.

ScreenCaptureKit, not Accessibility

Peek reads pixels via SCShareableContent and SCScreenshotManager. It composites occluded windows without raising them. No Accessibility entitlement means no extra macOS trust prompts and no quagmire of AX-permission carve-outs in MDM.

Three MCP tools

list_windows, capture_window (by id), and capture_app (frontmost window of a named app). Returns standard MCP image content blocks — any client that handles images just works.

Click-to-clipboard menu

The click is the consent — pick any running app from the menu and a fresh PNG of its frontmost window lands on your pasteboard. The human path bypasses the MCP token entirely.

Per-app trust gates

First MCP-driven capture of a new app pops an Allow Once / Always Allow / Deny prompt. Concurrent requests are serialized so prompts never stack. Trust decisions persist under a versioned UserDefaults key and are revocable any time from Settings → Trusted Apps. The bearer token is gate one; per-app approval is gate two.

Sandbox-clean

App Sandbox on, hardened runtime on, one non-default entitlement: com.apple.security.network.server. App Store-shippable shape from day one.

Managed for fleets

Every behaviour can be locked or scoped from MDM via com.oldsalt.peek.plist — allow/deny app lists, MCP kill switch, title redaction, master enable. Settings reflect every active policy with a lock icon.

Wire it into your MCP client

Open peek → click the menu bar icon → Settings…MCP tab. Pick the snippet that matches your client and paste it into the client’s config.

Claude Code / Cursor / streamable-HTTP clients

Copy Claude Code config → paste into ~/.claude.json (or equivalent) → restart.

{
  "mcpServers": {
    "peek": {
      "url": "http://127.0.0.1:11474",
      "headers": {
        "Authorization": "Bearer <token from Settings>"
      }
    }
  }
}

Claude Desktop

Copy Claude Desktop config → paste into ~/Library/Application Support/Claude/claude_desktop_config.json → quit and relaunch Claude Desktop. Requires Node.js installed (the bridge runs via npx).

{
  "mcpServers": {
    "peek": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote@0.1.38",
        "http://127.0.0.1:11474/",
        "--allow-http",
        "--transport", "http-only",
        "--header", "Authorization: Bearer <token>"
      ]
    }
  }
}

Settings also has Test connection, Copy MCP token, and Rotate token for when you need to refresh the bearer. The first time an agent asks to capture a given app, peek shows an approval prompt — approved apps live under Settings → Trusted Apps.

Built for fleets

Every setting can be locked and enforced by IT through a single managed preferences plist:

/Library/Managed Preferences/com.oldsalt.peek.plist

Deploy through JAMF, Mosyle, Kandji, Intune, or any MDM that pushes preference domains. Keys in the managed domain override the user’s preference and lock the corresponding UI. Highlights:

  • enabled — master kill switch.
  • mcpServerEnabled — whether the loopback MCP listener starts at all.
  • allowedApps / deniedApps — restrict captureable apps by bundle ID. Denies always win.
  • redactWindowTitles — strip titles from list_windows output (some titles leak document names).
  • disableQuit — remove Quit from the menu bar menu.

Read the full MDM documentation →

Common questions

How is peek different from Shottr, CleanShot, or ⌘⇧4?

Those are for humans clicking a shortcut and pasting into a chat. Peek is for AI agents — it exposes window enumeration and capture as MCP tools so an agent can ask “what’s in Calculator?” and get a fresh PNG over loopback without you doing anything. The click-to-clipboard menu is included for human convenience, but the wedge is the MCP path.

Does peek raise or focus windows when capturing?

No. ScreenCaptureKit composites window pixels off-screen — peek can capture occluded windows, background-Space windows, and (often) minimized windows without disturbing what’s on your display. No Accessibility entitlement is required because peek never manipulates windows; it only reads pixels.

Where does the MCP server listen, and how is it authenticated?

127.0.0.1:11474, JSON-RPC over HTTP, bearer-token authenticated. The token is generated on first launch, stored in the Keychain with after-first-unlock accessibility, and surfaced in the menu so you can copy it into your client config. Loopback is enforced at the listener level — peek’s sandbox entitlement is network.server only, and the listener binds with acceptLocalOnly=true.

Will peek work with Claude Desktop?

Yes. Peek ships a pinned mcp-remote bridge config alongside the native streamable-HTTP one. In Settings → MCP, click Copy Claude Desktop config: it copies a stdio-transport snippet that wraps the bearer auth in an npx -y mcp-remote@… command. Paste into ~/Library/Application Support/Claude/claude_desktop_config.json, restart Claude Desktop, and the three peek tools appear. Native Claude Code and Cursor users take the Copy Claude Code config snippet instead. Node.js must be installed for the Claude Desktop bridge.

Can IT teams deploy peek via MDM?

Yes — through the managed preferences plist com.oldsalt.peek.plist, deployable from JAMF, Mosyle, Kandji, Intune, or any MDM that pushes preference domains. Same pattern as the sibling niacin app. Keys present in the managed domain override user preferences and lock the corresponding UI control.

Is the captured image stored anywhere?

No. Captures are composited on demand, returned to the requesting MCP client, and not persisted to disk by peek. The click-to-clipboard menu writes to the pasteboard only — once you copy something else, the capture is gone.

Get peek

peek is free and open source. Grab the latest signed, notarized release from GitHub.

Download the latest release →

View source on GitHub →