loading
loading
Cut an agent's tool scopes to least privilege — required actions in, write and delete gated.
Does the tedious least-privilege pass teams skip — strips scopes a task doesn't need without breaking reads, and gates write and delete.
Listed for review
No verified public repo for this skill yet, so this page does not give you an install command. Skills with a verified source install in one command — or fully manual: copy the skill folder into .claude/skills/ and your agent picks it up.
Boostor Quality Score
84/100 · B
Tool Permission Minimizer reads your task list, tool list, data sensitivity, and action risk, then returns a least-privilege plan: the actions each task actually requires, the scopes to deny, the approval gates to add, and the audit logs to keep. It removes any scope the declared task doesn't need without breaking required read access, and it refuses to leave write and delete tools ungated — the slow, tedious work most teams skip.
Threat-review an agent system for prompt injection, secret exposure, over-broad tools, and ungated actions.
Reviews the tool permissions, not just the prompt — where most agent security actually fails. Pairs with prompt-injection-shield for the fixes.
Transparent + deterministic: every point above is computed from this skill's real fields plus a prompt-injection safety scan. No black box, no pay-to-rank.
Harden your agent against prompt injection — treat web, file, and MCP output as untrusted and gate risky actions.
The honest take on prompt injection: don't try to detect it, defuse it. It enforces the lethal-trifecta budget and gates risky actions — defense that actually holds.