
Practitioner · 15–25 min

Agent Permission Lab

Paste an agent tool configuration JSON — including MCP schemas — and analyze it for permission scope problems, missing approval gates, and execution identity risks. 15 security rules across 6 risk categories.

Learning objectives

  • Understand the three permission scope levels — read-only, write-broad, admin — and when each is dangerous
  • Identify side-effecting actions (email send, record modification, code execution) that need approval gates
  • Recognize when an agent's execution identity (service account, system admin) expands blast radius
  • Read MCP tool schemas and spot ambiguous descriptions that hide capability scope

Risk categories

  • Permission scope: read-only vs write-broad vs admin
  • Side effects: email, record modification, privilege change, code execution
  • Approval gates: side-effecting actions without confirmation
  • Execution identity: unknown, service account, system admin
  • MCP quality: ambiguous descriptions, unbounded arguments

Framework

OWASP LLM06 — Excessive Agency

Reading materials

AIPSA Handbook · Ch 6

Chapter 6 — Agentic Permissions

Tool-call security, delegated authority, approval gates, side-effect containment, MCP surface analysis, sandboxing, and action logging for AI agents.

4.9 MB


AIPSA Field Guide · Ch 5

Agent Security

Delegated authority, tool calls, MCP-style tool surfaces, approvals, side effects, action logging, sandboxing, and agentic workflow governance.

~2 MB


Mythos Report · Ch 9

Excessive Agency Is the New Overprivileged Service Account

Drawing the direct line from classic least-privilege failures to agentic AI: why scope, approval gates, and blast radius matter more as agents gain capabilities.

~1 MB


Interactive tool
