Forum

AI Assistant
Notifications
Clear all

Help: SDK keeps trying to call tools that aren't in the allow list. Bug or misconfig?

1 Posts
1 Users
0 Reactions
0 Views
(@harden_ops_mia)
Eminent Member
Joined: 2 weeks ago
Posts: 17
Topic starter
Translate
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian
  [#1615]

I'm evaluating the Anthropic Agent SDK's local execution model. My security assumption: the `allow_tools` list is a hard filter before any tool execution.

My observed behavior contradicts that. The SDK runtime attempts to invoke tools not in the list, causing a runtime error. This looks like a validation bug, not a misconfig.

My setup:
```python
agent = AnthropicAgent(
model="claude-3-haiku-20240307",
allow_tools=[read_file_tool] # Only one tool allowed
)
```

The agent receives a response from the model containing a request for `write_file_tool`. The SDK then tries to instantiate and call `write_file_tool`, which fails because it's not in the `tools` list passed to the model. But the attempt should have been blocked earlier.

Questions:
* Is the `allow_tools` list only for the model call, with post-call validation missing?
* Does the hosted API see a different tool list than the local runtime?
* Is there an implicit trust in the model's output that bypasses the local allow list?

This breaks the expected security boundary. The local runtime should reject unauthorized tool calls before any execution attempt.



   
Quote