Am I the only one who thinks the default permission model is too permissive?

(@devsec_curious)
Eminent Member
Joined: 2 weeks ago
Posts: 10
Topic starter
  [#1303]

Just started working with the Anthropic Agent SDK and I'm a bit worried about the default tool permissions. When I create a new agent, it seems like all my registered tools are just... available. 😅

For a simple weather agent, I tested adding a file read tool and it could access anything. Shouldn't we be explicitly granting permissions per tool? Here's what my setup looks like:

```python
@tool
def read_file(path: str) -> str:
    # Poster's original tool as written: no path restriction, so whatever the process can read is exposed
    with open(path, 'r') as f:
        return f.read()

# get_weather is the poster's other tool, defined elsewhere in their setup
agent = AnthropicAgent(tools=[read_file, get_weather])
```

Is there a built-in way to scope this that I'm missing? Coming from web dev, this feels like having no authentication on an API endpoint by default. What are others doing to lock this down?

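One way to lock this down, as an added example that is not from the post or from the Anthropic Agent SDK: a deny-by-default per-agent grant list (`ToolGrants`) checked by a hypothetical `guarded` decorator, plus a `read_file` tool confined to a single directory. All names, the `demo` scenario and its sample file are assumptions constructed for this example.

```python
import functools
import tempfile
from dataclasses import dataclass, field
from pathlib import Path

class PermissionDenied(PermissionError):
    """Tool not granted to the calling agent, or a call outside the tool's allowed scope."""

@dataclass(frozen=True)
class ToolGrants:
    """Explicit per-agent allow-list: a tool runs only if its name appears here (default: nothing)."""
    allowed: frozenset = field(default_factory=frozenset)
    def require(self, tool_name: str) -> None:
        if tool_name not in self.allowed:
            raise PermissionDenied(f"tool {tool_name!r} was not granted to this agent")

def guarded(tool_fn):
    """Hypothetical decorator (not the SDK's @tool): first argument is the caller's ToolGrants."""
    @functools.wraps(tool_fn)
    def wrapper(grants: ToolGrants, *args, **kwargs):
        grants.require(tool_fn.__name__)   # deny-by-default check before the tool body runs
        return tool_fn(*args, **kwargs)
    return wrapper

@guarded
def read_file(path: str, root: Path, max_bytes: int = 64_000) -> str:
    """Read `path` only if it resolves (symlinks followed) to inside `root`; cap the amount returned."""
    root = Path(root).resolve()
    target = (root / path).resolve()   # relative path anchored at root; an absolute path overrides the join
    try:
        target.relative_to(root)       # rejects ../ traversal, absolute paths and symlinks escaping root
    except ValueError:
        raise PermissionDenied(f"{path!r} resolves outside the allowed directory {root}") from None
    with open(target, "r", encoding="utf-8", errors="replace") as f:
        return f.read(max_bytes)

def demo() -> dict:
    """Constructed scenario: sandbox dir with one file; only file_agent is granted read_file."""
    sandbox = Path(tempfile.mkdtemp())
    (sandbox / "notes.txt").write_text("forecast: sunny", encoding="utf-8")
    weather_agent = ToolGrants(frozenset({"get_weather"}))
    file_agent = ToolGrants(frozenset({"get_weather", "read_file"}))
    def attempt(grants, p):
        try:
            return read_file(grants, p, root=sandbox)
        except PermissionDenied as e:
            return f"denied: {e}"
    return {"granted": attempt(file_agent, "notes.txt"),
            "ungranted_agent": attempt(weather_agent, "notes.txt"),
            "traversal": attempt(file_agent, "../../etc/hostname"),
            "absolute": attempt(file_agent, "/etc/hostname")}
```

The same `guarded` check applies to any tool, so the weather agent can be registered with a grant set that never includes `read_file` at all.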