Scanned on April 25, 2026 · v1.2.0 · macOS
Caution — Several permission issues found
Browser Manifests
Claude Desktop installs a native messaging host at ~/Library/Application Support/Google/Chrome/NativeMessagingHosts/com.anthropic.claude.json without user consent or disclosure.
Remediation
Remove the native messaging host manifest and file a bug with Anthropic requesting opt-in consent. Alternatively, block the host through organization policy.
Browser Manifests
Each launch re-registers the browser integration manifest, making manual removal ineffective.
Remediation
Use AgentPermit's CLI to block re-registration. Pro users can set a policy to prevent auto-install.
File System
The app requests read/write access to the entire home directory (~), with no finer-grained scope limitation.
Remediation
Restrict file access using macOS sandboxing or Linux namespaces. Define a specific project directory and deny access outside it.
Network
All network requests go to api.anthropic.com and cdn.anthropic.com. No telemetry or third-party data exfiltration detected.
OAuth Scopes
The app is granted 12 OAuth scopes but uses only 5 (files.read, files.write, chat.write, user.read, api.access). Unused scopes include calendar.read, email.read, contacts.read, admin.org, billing.read, insights.read, settings.manage.
Remediation
Request scope reduction from the provider. Use AgentPermit's scope audit to generate a reduction request template.
Auto-Update
All updates are code-signed and verified before installation. No unsigned update channels detected.