AgentPermit
Open-source CLI + Web Dashboard

Audit Your AI Tools Before They Audit You

AgentPermit scans Claude Desktop, Cursor, Copilot, and ChatGPT for silent permissions, undocumented manifests, and overprivileged access.

No code required Open source CLI Works offline
0Risk Score

Your AI apps have more access than you think

The April 2026 Claude Desktop scandal revealed silent browser-extension installations. Every major AI desktop app has similar blind spots.

Silent installs

Undocumented browser extension manifests install without your knowledge or consent.

Overprivileged access

File system + shell access granted without clear disclosure or user approval.

Zero visibility

No built-in way to audit what AI apps can access on your machine.

How it works

Three steps to full visibility

01

Run the scan

Use the web upload or run `npx agentpermit scan` in your terminal. No sign-up required for personal scans.

02

Get your score

Receive a detailed 0-100 risk score with itemized findings across 5 permission categories.

03

Fix with guidance

Each finding includes a remediation checklist. Pro users get CI/CD badges and JSON export.

Simple, transparent pricing

Start free. Upgrade when you need more.

Free
$0/mo

Personal scan, basic report

  • 1 user
  • Basic risk score
  • Web scan
  • Email summary
Most Popular
Pro
$9/mo

Unlimited scans, CI/CD badge, JSON export

  • Unlimited scans
  • CI/CD badge
  • JSON export
  • Scan history
  • Priority support
Team
$49/mo

Org-wide dashboard, Slack alerts, audit exports, SSO

  • Everything in Pro
  • Org-wide dashboard
  • Slack alerts
  • Audit exports (PDF/CSV)
  • SSO
  • Shared watchlists

What developers are saying

I had no idea Claude Desktop was installing undocumented browser extensions. AgentPermit surfaced it in 30 seconds. We immediately locked it down.

Alex Chen

Engineering Lead, Series A Startup

Finally a tool that speaks developer language. The risk score is intuitive and the remediation steps are actually actionable.

Sarah Miller

Security Engineer, Fintech

We run Cursor on every machine. AgentPermit found OAuth scope bloat we didn't know existed. Fixed in 5 minutes.

James Park

Founder, AI-Native SaaS

FAQ