Subagent Tool Restrictions - Claude Code
Limit which tools a subagent can access.
Tool restrictions let you cap what a subagent is allowed to do. A "read-only researcher" literally can't write to disk if you don't include Edit or Write.
What it does
In the subagent's frontmatter, you list the exact set of tools the agent may use. Every other tool call from that agent fails immediately. This is the cleanest way to build roles with least-privilege guarantees - the safety is structural, not based on hoping Claude doesn't reach for a forbidden tool.
When to use it
- Researcher and auditor roles that should never write code.
- Tightly scoped agents for sensitive tasks (compliance checks, logs).
- Shared team agents where different contributors will invoke them.
- Defense in depth alongside permission rules.
Gotchas
- Over-restricted agents fail tasks in confusing ways. Err toward inclusion for genuine needs.
- Tool restrictions don't limit what the subagent can read - they limit what it can call.
- Adding tools later is easy; taking them back is harder once workflows depend on them.
Official docs: https://code.claude.com/docs/en/sub-agents.md#control-subagent-capabilities
Technical content at the intersection of AI and development. Building with AI agents, Claude Code, and modern dev tools - then showing you exactly how it works.
Get the weekly deep dive
Tutorials on Claude Code, AI agents, and dev tools - delivered free every week.
Was this helpful?
Related Guides
Related Tools
Claude Code
Anthropic's agentic coding CLI. Runs in your terminal, edits files autonomously, spawns sub-agents, and maintains memory...
View ToolCodeburn
Interactive TUI dashboard that shows exactly where your Claude Code and Cursor tokens are going, in real time.
View Toolv0
Vercel's generative UI tool. Describe a component, get production-ready React code with shadcn/ui and Tailwind. Iterate...
View ToolZed
High-performance code editor built in Rust with native AI integration. Sub-millisecond input latency. Built-in assistant...
View ToolRelated Videos
Composio: Connect OpenClaw & Claude Code to 1,000+ Apps via CLI
Composio: Connect AI Agents to 1,000+ Apps via CLI (Gmail, Google Docs/Sheets, Hacker News Workflows) Check out Composio here: http://dashboard.composio.dev/?utm_source=Youtube&utm_channel=0426&utm_...
Claude Code Channels in 8 Minutes
Anthropic has released Channels for Claude Code, enabling external events (CI alerts, production errors, PR comments, Discord/Telegram messages, webhooks, cron jobs, logs, and monitoring signals) to b...
Claude Code Loops in 7 Minutes
Claude Code “Loop” Scheduling: Recurring AI Tasks in Your Session The script explains Claude Code’s new “Loop” feature (an evolution of the Ralph Wiggins technique) for running recurring prompts that...
Related Posts
Anthropic Sonnet 4.5 in Claude Code
Anthropic's Claude Sonnet 4.5 isn't just another model increment. The company claims they've observed it maintaining foc...
12 Tools in One Night: An Honest Overnight Agent Report
I told an agent to improve the site every 10 minutes and went to sleep. Here is what 12 new repos, 60 PRs, and three goo...
Agent Replays with TraceTrail: Loom for Agent Runs
Agent runs are opaque. TraceTrail turns a Claude Code JSONL into a public share link with a stepped timeline of messages...
