UncategorizedVibe Coding Security323 lines

Least-Privilege Permissions

Quick Summary16 lines

AI coding tools default to "make it work" — and the fastest way to make it work is to grant full access everywhere. Admin IAM roles, root database users, wildcard API scopes, containers running as root. The code runs, the demo works, and you've just deployed an attack surface the size of a parking lot.

## Key Points

- name: app
- name: app
- name: tmp
1. Deploy with zero permissions
2. Watch it fail
3. Add exactly the permission it needs
4. Repeat until it works
- **AWS**: [iamlive](https://github.com/iann0036/iamlive) — captures API calls and generates least-privilege policies
- **GCP**: IAM Recommender — suggests role reductions based on actual usage
- **Azure**: Azure AD Access Reviews — identifies unused permissions

skilldb get vibe-coding-security-skills/least-privilege-permissionsFull skill: 323 lines

Install this skill directly: skilldb add vibe-coding-security-skills

Get CLI access →

Related Skills

Least-Privilege Permissions

The "Admin Everything" Anti-Pattern

The Pattern in IAM

"Just use the Owner role, it'll work"

Layer-by-Layer Least Privilege

1. Cloud IAM Roles

If you need to write to a specific bucket, use IAM conditions

2. Database Users

3. API Scopes and OAuth

4. File System Access

Running as root with full filesystem access

Read-only filesystem where possible

Writable only where needed

5. Container and Kubernetes Permissions

The Permission Audit Process

Step 1: Find All Credentials and Roles

Search for IAM, role, and permission patterns

Step 2: Check for Wildcards

Find wildcard permissions

Step 3: Verify Database Connections

Find database connection strings — are they using root?

Step 4: Review OAuth Scopes

Find OAuth scope definitions

Common AI-Generated Permission Mistakes

Principle: Start With Zero, Add What Breaks

Automation: Policy Generators

iamlive: generate policy from actual usage

Run your app through the proxy, then use the generated policy

Details

Pack: vibe-coding-security-skills
File: least-privilege-permissions.md
Lines: 323
Category: Uncategorized

Download via CLI

Pro

$ skilldb add vibe-coding-security-skills

Installs the full Vibe Coding Security pack to your project.

Least-Privilege Permissions

Related Skills

AI-Specific Vulnerabilities

Authentication and Authorization Patterns

Container and Deployment Security

Credential Management

Database Security Hardening

Dependency Supply Chain Security