Towards Least-Privilege WebAssembly Applications: Transparent Interposition for WebAssembly Components
When a WebAssembly component is compromised, current security models cannot always prevent it from abusing the full set of capabilities granted at initialization. With the component model encouraging reuse of third-party components distributed via OCI registries, this creates supply chain risks similar to those that have plagued NPM. Additionally, capabilities in the WebAssembly System Interface (WASI) are often coarse-grained and have no native support for restriction at runtime, violating the principle of least authority and exacerbating this risk. We present a transparent, language-agnostic, and runtime-agnostic framework for interposing arbitrary logic at WebAssembly component boundaries. Our approach automatically wraps components while preserving their interfaces, enabling arbitrary logic insertion without modifying guest components or runtimes. Using the framework, we draw inspiration from previous work on higher-order contracts and propose an embedded DSL for specifying arbitrary logic in which we define fine-grained security policies that dynamically restrict capabilities. Our approach enables compositional reasoning about security and allows better enforcement of the principle of least authority for component-based WebAssembly programs.
Tue 17 Mar (displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna)
10:30 - 12:00
10:30 | 30m | Talk | Code Layout Optimization Guided by Temporal Profiling Information | MoreVMs | Marko Spasic (University of Belgrade and Oracle), Miloje Joksimović (University of Belgrade and Oracle), Peter Hofer (Oracle Labs), Milena Vujosevic Janicic (University of Belgrade and Oracle)
11:00 | 30m | Talk | The Promise of Static Profiling: Exploring the Limits | MoreVMs | Milan Cugurovic (Oracle and University of Belgrade), Aleksandar Prokopec (Oracle Labs), Boris Spasojevic (Oracle Labs, Zurich, Switzerland), Vojin Jovanovic (Oracle Labs), Milena Vujosevic Janicic (University of Belgrade and Oracle)
11:30 | 30m | Talk | Towards Least-Privilege WebAssembly Applications: Transparent Interposition for WebAssembly Components | MoreVMs