SECENG MAP
AI Tool Capability & Permission Analysis
Understand what your AI tools can really do.
Analyze MCP servers, OpenAPI specifications, Claude tools, Codex tools, and other callable AI capabilities to identify permissions, trust boundaries, excessive agency, and attack surface before attackers do. Tool Capsule Analysis performs static analysis of tool definitions; it does not execute tools.
Discover
Inventory every callable capability from MCP, OpenAPI, Swagger, Claude, Codex, Gemini, and agent frameworks.
Understand
Classify permissions, authentication, side effects, data flows, and trust boundaries.
Prioritize
Identify excessive agency, missing approvals, destructive operations, and risky cross-boundary tools.
Feed evidence
Generate Threat Canvas assets and feed Agent Permission Diff and Correlation Engine workflows.
Core capabilities
What SecEng Tool Capsule Analyzer does.
Tool Inventory
Build a callable-tool inventory across MCP servers, OpenAPI specifications, Swagger files, Claude tools, Codex tools, Gemini tools, LangGraph, CrewAI, AutoGen, Semantic Kernel, Flowise, Langflow, and n8n.
Capability Classification
Classify read, write, delete, send, execute, admin, filesystem, browser, secret, and network capabilities from tool definitions and API schemas.
Permission Model
Map permissions, authentication requirements, inherited capabilities, and side effects so tool scope is reviewable before deployment.
Trust Boundary Mapping
Identify tools that cross trust boundaries, expose destructive operations, or lack approval gates for irreversible actions.
Downstream Handoff
Produce structured findings that feed Threat Canvas, Agent Permission Diff, and release-readiness review.
Static Analysis First
Analyze definitions and schemas without invoking production tools, calling APIs, or changing customer systems.
Evidence & signals
What you get out of the box.
Inputs
- MCP servers
- OpenAPI / Swagger
- Claude and Codex tools
- Gemini tools
- LangGraph / CrewAI / AutoGen
- Semantic Kernel / Flowise / Langflow / n8n
Security Model
- Tool inventory
- Capability graph
- Permission model
- Authentication requirements
- Side effects
- Trust boundaries
Deliverables
- Threat Canvas assets
- Engineering findings
- Executive summary
- Permission drift handoff
- Release review signals
AI SECURITY ENGINEERING WORKBENCH
Ready to put SecEng Tool Capsule Analyzer to work?
Tool Capsule Analysis is an active-development SecEng Workbench capability available through scoped public-site review conversations. We analyze tool definitions, model permissions, and return engineering findings without executing production tools.