iscooked.com

What It Is

Am I Cooked? is a local AI security scanner from iscooked.com, positioned as a one-command tool for checking security and privacy risks in your local AI environment. The page explicitly mentions support for Ollama, LM Studio, text-gen-webui, and more, while emphasizing “Runs locally. Sends nothing anywhere. Ever.” — meaning it runs on your machine and does not send data out.

Core Protection and Deployment

Its scan coverage is closely aligned with local LLM development scenarios. Network exposure checks can detect whether Ollama or LM Studio is listening on 0.0.0.0; API authentication checks can identify unauthenticated endpoints; file permission checks look at whether model files and .env files are readable or writable by other users; Docker checks cover root, privileged mode, and host networking. It also covers GPU device permissions, telemetry endpoints, firewall status, non-local plaintext HTTP, the user running a process, API keys in shell history and logs, as well as Ollama’s OLLAMA_HOST, OLLAMA_ORIGINS, and systemd user configuration. Deployment is very lightweight: it runs via a curl pipe to bash, claiming 5 seconds, no installation, and no dependencies.

Pricing, Management, and Integrations

The page does not disclose pricing, commercial editions, payment methods, or compliance certifications. From the examples, it provides segmented command-line results, statuses such as SAFE/WARMING UP/COOKED, critical/warnings/passed counts, and a cooked score. However, there is no visible centralized management, continuous monitoring, alerting, reporting, or SIEM integration. On the integration side, it mainly recognizes local AI tools, Docker, firewall, and GPU environments, and provides a GitHub entry point.

Pros and Cons

Its strengths are that it focuses on the emerging blind spot of local AI security, offers practical coverage, has a low barrier to use, and runs locally, which helps reduce privacy concerns. The downside is that it feels more like a one-off health check tool than a full security platform. It lacks enterprise-grade policy governance, automated remediation, asset inventory, and support SLA information. Also, while curl | bash is convenient, good security practice still suggests reviewing the script source and contents first.

Who It’s For and Access from China

It is suitable for individual developers, AI application prototyping teams, and users running Ollama/LM Studio on workstations or servers who want a quick self-check. The page does not provide information about access from mainland China, so this is unknown; there is also no payment information. If you need a more general host or container baseline tool, alternatives or complementary tools include Lynis, OpenSCAP, Trivy, and Docker Bench for Security.