What it does: You paste scopes. It points to the parts that are too broad (write/admin/wildcards/offline), suggests safer alternatives, and gives you a minimal set to try first.
Why this matters (plain English)
- Scopes are verbs. The more verbs, the bigger the blast radius.
- Wildcards and “admin” punch holes you won’t find until it’s on fire.
- Least-permission means: minimum verbs, minimum surface, minimum time.
How to use
- Tap your intent (read / upload / send / payments).
- Paste scopes or permissions (one per line or commas).
- Hit Scan.
- Copy the Minimal set and try to run your workflow with it.
- If it fails for a legit reason, add the smallest extra scope needed. Repeat.
Rules of thumb
- Scopes are verbs. Start with fewer verbs.
- Avoid admin, all, and *.
- Prefer resource-scoped variants (e.g., drive.file over full drive).
- Skip offline/refresh unless it actually runs while you sleep.
- Split workflows. One task, one permission set.
Outputs
- Risk: quick badge.
- Findings: concrete issues and fixes.
- Minimal set: copy-paste list you can test.
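
The rules of thumb and outputs above, applied as a small scope linter. This is an added example, not the tool's own code: the markers (write, admin, all, *, offline, refresh) come from the page, while the weights, risk thresholds, the intent handling for write scopes, and the choice to propose only unflagged scopes as the minimal set are assumptions.

```python
import re

# Markers come from the page's rules of thumb; weights and thresholds are
# illustrative assumptions, not the tool's real scoring.
RULES = {
    "wildcard": ({"*"}, 3, "name the specific resource instead of a wildcard"),
    "admin": ({"admin", "all"}, 3, "use a resource-scoped variant"),
    "write": ({"write"}, 2, "request read-only unless the task must modify data"),
    "offline": ({"offline", "refresh"}, 1, "drop unless the job runs unattended"),
}

def parse_scopes(text):
    """Split pasted input on newlines or commas, trim, and de-duplicate in order."""
    seen = []
    for raw in re.split(r"[,\n]", text):
        s = raw.strip()
        if s and s not in seen:
            seen.append(s)
    return seen

def scan(text, intent="read"):
    """Return risk badge, points, findings and a proposed minimal set."""
    findings, minimal, points = [], [], 0
    for scope in parse_scopes(text):
        # Tokenise on separators so "admin" matches "repo:admin" but not "administer".
        tokens = set(re.findall(r"[a-z0-9]+|\*", scope.lower()))
        hits = []
        for name, (markers, weight, fix) in RULES.items():
            # Assumption: a write verb is expected when the intent is not read-only.
            if name == "write" and intent != "read":
                continue
            if tokens & markers:
                hits.append((name, weight, fix))
        if hits:
            for name, weight, fix in hits:
                points += weight
                findings.append(f"{scope}: {name} -> {fix}")
        else:
            minimal.append(scope)
    risk = "High" if points >= 5 else "Medium" if points >= 2 else "Low"
    return {"risk": risk, "points": points, "findings": findings, "minimal": minimal}

# Constructed sample input, not real application scopes.
SAMPLE = "mail.read, files.write\nrepo:admin\nuser:*\noffline_access, drive.file"

if __name__ == "__main__":
    for key, value in scan(SAMPLE).items():
        print(key, value)
```

Token matching cannot tell a resource-scoped scope from its broad sibling (drive.file versus full drive); that comparison needs a per-provider scope catalogue.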