Scan this Mac (read-only) and report identified monitoring software.

Inspects running processes, launchd jobs, system/kernel extensions, MDM enrollment and trusted certificates, then matches them against the watchcheck signature database. Returns identified EDR/DLP/MDM/network-audit software with evidence, capabilities and privacy impact. Group the result by category and explain each finding in plain language for the user.

Explain one process / launchd label / bundle id in plain language.

Built for non-technical users who paste a single name from Activity Monitor (e.g. "WindowServer", "EasyConnect", "GoogleSoftwareUpdate"). Resolution order: monitoring signature → common benign catalog → returns unknown so the host LLM can explain the long tail. Always answers something useful.

Friendly typed overview of EVERYTHING running on this Mac (read-only).

For users who don't understand processes: classifies every running process into types (Apple system / browser / cloud-sync / updater / communication / your own VPN / monitoring / unknown ...), collapses duplicates (e.g. 30 Chrome helpers -> 1), and flags monitoring software. Present the type counts first, reassure that most are normal, then call out anything flagged.

List everything watchcheck can currently identify (transparency).

Returns the signature catalog (vendor, product, category, origin, coverage) without the raw match tokens. Use this to tell the user what the tool knows — and what gaps remain (especially Chinese enterprise tools).

Return the raw read-only inventory with NO matching (power users).

Dumps processes, launchd jobs, extensions, kexts, certs and MDM status as collected. Use this to investigate something watchcheck didn't recognize, or to gather artifacts for a new signature contribution.