Anthropic Agent SDK Security Surface
Topic starter
July 2, 2026 10:00 pm
Just started working with the Anthropic Agent SDK and I'm a bit worried about the default tool permissions. When I create a new agent, it seems like all my registered tools are just... available. 😅
For a simple weather agent, I tested adding a file read tool and it could access anything. Shouldn't we be explicitly granting permissions per tool? Here's what my setup looks like:
```python
@tool
def read_file(path: str):
    # No root, allowlist or size limit: whatever path the model supplies is opened as-is.
    with open(path, 'r') as f:
        return f.read()

# get_weather is another @tool defined elsewhere in my project.
agent = AnthropicAgent(tools=[read_file, get_weather])
```
Is there a built-in way to scope this that I'm missing? Coming from web dev, this feels like having no authentication on an API endpoint by default. What are others doing to lock this down?
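One way to get the scoping the post asks about, independent of whatever the SDK itself offers: confine the file tool to a sandbox root (resolving symlinks and `..` before the check) and put tools behind a per-agent allowlist so an agent can only call what it was explicitly granted. This is an added example in plain Python, not code from the original post and not the Anthropic Agent SDK's API; `make_scoped_read_file`, `ScopedToolbox`, `ToolPermissionError` and the `demo` scenario (a temporary directory with one file inside the sandbox and one outside) are all constructed here for illustration.

```python
from pathlib import Path
import os
import tempfile


class ToolPermissionError(PermissionError):
    """Raised when a tool call is outside what the agent was granted (hypothetical type)."""


def make_scoped_read_file(root: str, max_bytes: int = 64 * 1024):
    """Build a read_file tool that can only read regular files under `root`."""
    root_path = Path(root).resolve()

    def read_file(path: str) -> str:
        # Join then resolve: collapses '..', follows symlinks, and an absolute
        # `path` simply replaces the root, so the containment check below still applies.
        target = (root_path / path).resolve()
        if target != root_path and root_path not in target.parents:
            raise ToolPermissionError(f"path escapes sandbox root: {path}")
        if not target.is_file():
            raise ToolPermissionError(f"not a regular file: {path}")
        with open(target, "r", encoding="utf-8", errors="replace") as f:
            return f.read(max_bytes)  # cap how much the model can pull into context

    return read_file


class ScopedToolbox:
    """Registry where each agent gets an explicit allowlist rather than every tool."""

    def __init__(self, tools, allowed):
        self._tools = {t.__name__: t for t in tools}
        self._allowed = frozenset(allowed)
        unknown = self._allowed - self._tools.keys()
        if unknown:
            raise ValueError(f"allowlist names unregistered tools: {sorted(unknown)}")

    def exposed(self):
        """Tool names to advertise to the model: only the allowed ones."""
        return sorted(self._allowed)

    def call(self, name: str, **kwargs):
        # Deny-by-default: a tool that is registered but not allowed is not callable.
        if name not in self._allowed:
            raise ToolPermissionError(f"tool not granted to this agent: {name}")
        return self._tools[name](**kwargs)


def _blocked(box: ScopedToolbox, name: str, **kwargs) -> bool:
    try:
        box.call(name, **kwargs)
        return False
    except ToolPermissionError:
        return True


def demo() -> dict:
    """Constructed scenario (not real data): sandbox dir with one file, a secret outside it."""
    with tempfile.TemporaryDirectory() as tmp:
        sandbox = Path(tmp) / "agent_data"
        sandbox.mkdir()
        (sandbox / "forecast.txt").write_text("sunny")
        secret = Path(tmp) / "secret.txt"
        secret.write_text("api-key")

        def get_weather(city: str) -> str:  # stand-in for the post's weather tool
            return f"{city}: 21C"

        read_file = make_scoped_read_file(str(sandbox))
        full = ScopedToolbox([read_file, get_weather], allowed=["read_file", "get_weather"])
        weather_only = ScopedToolbox([read_file, get_weather], allowed=["get_weather"])

        results = {
            "inside": full.call("read_file", path="forecast.txt"),
            "traversal_blocked": _blocked(full, "read_file", path="../secret.txt"),
            "absolute_blocked": _blocked(full, "read_file", path=str(secret)),
            "unregistered_blocked": _blocked(weather_only, "read_file", path="forecast.txt"),
            "weather_only_exposes": weather_only.exposed(),
        }
        # Symlink inside the sandbox pointing outside: resolve() follows it, so it is denied.
        try:
            os.symlink(secret, sandbox / "link.txt")
            results["symlink_blocked"] = _blocked(full, "read_file", path="link.txt")
        except OSError:
            results["symlink_blocked"] = None  # platform refused to create the symlink
        return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The containment check compares resolved paths rather than string prefixes, which is what catches `..`, absolute paths and symlinks in one place; the allowlist is separate from the tool's own guard so a weather agent never even advertises `read_file` to the model.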