Interlace ESLint
ESLint Interlace
Secure CodingRules

enforce-llm-tool-least-privilege

Ensure LLM tools have minimal necessary permissions.

Ensure LLM tools have minimal necessary permissions.

OWASP LLM Top 10 2025: LLM06 - Excessive Agency
CWE: CWE-250
Severity: 🔴 Critical

Rule Details

Detects LLM tools with excessive permissions (wildcards, admin, all).

❌ Incorrect

const tool = {
  permissions: ['*'],
};

const tool = {
  permissions: ['admin'],
};

✅ Correct

const tool = {
  permissions: ['read:users', 'write:cart'],
};

Options

{
  "secure-coding/enforce-llm-tool-least-privilege": ["error"]
}

Best Practices

Define specific permissions for each tool. Use RBAC (role-based access control).

Version

Introduced in v2.3.0

Known False Negatives

The following patterns are not detected due to static analysis limitations:

Prompt from Variable

Why: Prompt content from variables not traced.

// ❌ NOT DETECTED - Prompt from variable
const prompt = buildPrompt(userInput);
await generateText({ prompt });

Mitigation: Validate all prompt components.

Nested Context

Why: Deep nesting obscures injection.

// ❌ NOT DETECTED - Nested
const messages = [{ role: 'user', content: userInput }];
await chat({ messages });

Mitigation: Validate at all levels.

Custom AI Wrappers

Why: Custom AI clients not recognized.

// ❌ NOT DETECTED - Custom wrapper
myAI.complete(userPrompt);

Mitigation: Apply rule to wrapper implementations.

detect-weak-password-validation

Detects weak password length requirements (less than 8 characters) in validation code.

no-allow-arbitrary-loads

Prevents disabling App Transport Security (ATS) by detecting `allowArbitraryLoads: true` in configuration.

On this page

Rule Details❌ Incorrect✅ CorrectOptionsBest PracticesVersionKnown False NegativesPrompt from VariableNested ContextCustom AI Wrappers