Hand any window to your AI agent.
A tiny menu bar utility that gives local MCP clients a way to see your screen on demand — loopback only, bearer-authenticated, ScreenCaptureKit under the hood. Skip the screenshot-and-paste dance entirely.
macOS 14 Sonoma or laterThe wedge
Today, asking an AI “what’s on my Calculator screen?” means:
⌘⇧4 → switch to Claude → paste image → type the question → wait.
With peek installed and the MCP endpoint wired into your client, it’s:
Ask Claude in natural language. That’s it.
No app-switching, no focus theft, no manual screenshot. The agent doesn’t need to know anything about your window manager — it asks peek for pixels, peek hands back a PNG.
Features
Menu bar first
Lives in your menu bar. No Dock icon, no clutter, no foreground window stealing focus.
Loopback MCP server
HTTP/JSON-RPC on 127.0.0.1:11474, bearer-token auth from the Keychain. The listener is bound with acceptLocalOnly — no external interfaces, ever.
ScreenCaptureKit, not Accessibility
Peek reads pixels via SCShareableContent and SCScreenshotManager. It composites occluded windows without raising them. No Accessibility entitlement means no extra macOS trust prompts and no quagmire of AX-permission carve-outs in MDM.
Three MCP tools
list_windows, capture_window (by id), and capture_app (frontmost window of a named app). Returns standard MCP image content blocks — any client that handles images just works.
Click-to-clipboard menu
The click is the consent — pick any running app from the menu and a fresh PNG of its frontmost window lands on your pasteboard. The human path bypasses the MCP token entirely.
Per-app trust gates
First MCP-driven capture of a new app pops an Allow Once / Always Allow / Deny prompt. Concurrent requests are serialized so prompts never stack. Trust decisions persist under a versioned UserDefaults key and are revocable any time from Settings → Trusted Apps. The bearer token is gate one; per-app approval is gate two.
Sandbox-clean
App Sandbox on, hardened runtime on, one non-default entitlement: com.apple.security.network.server. App Store-shippable shape from day one.
Managed for fleets
Every behaviour can be locked or scoped from MDM via com.oldsalt.peek.plist — allow/deny app lists, MCP kill switch, title redaction, master enable. Settings reflect every active policy with a lock icon.
Wire it into your MCP client
Open peek → click the menu bar icon → Settings… → MCP tab. Pick the snippet that matches your client and paste it into the client’s config.
Claude Code / Cursor / streamable-HTTP clients
Copy Claude Code config → paste into ~/.claude.json (or equivalent) → restart.
{
"mcpServers": {
"peek": {
"url": "http://127.0.0.1:11474",
"headers": {
"Authorization": "Bearer <token from Settings>"
}
}
}
}
Claude Desktop
Copy Claude Desktop config → paste into ~/Library/Application Support/Claude/claude_desktop_config.json → quit and relaunch Claude Desktop. Requires Node.js installed (the bridge runs via npx).
{
"mcpServers": {
"peek": {
"command": "npx",
"args": [
"-y",
"mcp-remote@0.1.38",
"http://127.0.0.1:11474/",
"--allow-http",
"--transport", "http-only",
"--header", "Authorization: Bearer <token>"
]
}
}
}
Settings also has Test connection, Copy MCP token, and Rotate token for when you need to refresh the bearer. The first time an agent asks to capture a given app, peek shows an approval prompt — approved apps live under Settings → Trusted Apps.
Built for fleets
Every setting can be locked and enforced by IT through a single managed preferences plist:
/Library/Managed Preferences/com.oldsalt.peek.plist
Deploy through JAMF, Mosyle, Kandji, Intune, or any MDM that pushes preference domains. Keys in the managed domain override the user’s preference and lock the corresponding UI. Highlights:
enabled— master kill switch.mcpServerEnabled— whether the loopback MCP listener starts at all.allowedApps/deniedApps— restrict captureable apps by bundle ID. Denies always win.redactWindowTitles— strip titles fromlist_windowsoutput (some titles leak document names).disableQuit— remove Quit from the menu bar menu.
Common questions
How is peek different from Shottr, CleanShot, or ⌘⇧4?
Those are for humans clicking a shortcut and pasting into a chat. Peek is for AI agents — it exposes window enumeration and capture as MCP tools so an agent can ask “what’s in Calculator?” and get a fresh PNG over loopback without you doing anything. The click-to-clipboard menu is included for human convenience, but the wedge is the MCP path.
Does peek raise or focus windows when capturing?
No. ScreenCaptureKit composites window pixels off-screen — peek can capture occluded windows, background-Space windows, and (often) minimized windows without disturbing what’s on your display. No Accessibility entitlement is required because peek never manipulates windows; it only reads pixels.
Where does the MCP server listen, and how is it authenticated?
127.0.0.1:11474, JSON-RPC over HTTP, bearer-token authenticated. The token is generated on first launch, stored in the Keychain with after-first-unlock accessibility, and surfaced in the menu so you can copy it into your client config. Loopback is enforced at the listener level — peek’s sandbox entitlement is network.server only, and the listener binds with acceptLocalOnly=true.
Will peek work with Claude Desktop?
Yes. Peek ships a pinned mcp-remote bridge config alongside the native streamable-HTTP one. In Settings → MCP, click Copy Claude Desktop config: it copies a stdio-transport snippet that wraps the bearer auth in an npx -y mcp-remote@… command. Paste into ~/Library/Application Support/Claude/claude_desktop_config.json, restart Claude Desktop, and the three peek tools appear. Native Claude Code and Cursor users take the Copy Claude Code config snippet instead. Node.js must be installed for the Claude Desktop bridge.
Can IT teams deploy peek via MDM?
Yes — through the managed preferences plist com.oldsalt.peek.plist, deployable from JAMF, Mosyle, Kandji, Intune, or any MDM that pushes preference domains. Same pattern as the sibling niacin app. Keys present in the managed domain override user preferences and lock the corresponding UI control.
Is the captured image stored anywhere?
No. Captures are composited on demand, returned to the requesting MCP client, and not persisted to disk by peek. The click-to-clipboard menu writes to the pasteboard only — once you copy something else, the capture is gone.
Get peek
peek is free and open source. Grab the latest signed, notarized release from GitHub.