Remove a package from the project.
AI agents call web_remove_package to permanently remove resources in PC-Control MCP Server — typically in cleanup and lifecycle workflows. It does its job in a single call, and there is no undo.
Removing a package is a destructive operation that modifies project configuration irreversibly. While not a direct file deletion, it uninstalls dependencies which breaks project integrity and requires manual recovery (re-adding/rebuilding). In a multi-tool context including shell commands and system control, an AI agent misusing this could corrupt a project's dependency tree, causing widespread build failures.
From the tool's definition 'Remove a package from the project' indicates irreversible deletion of package dependencies. The verb 'remove' combined with package management context means data/configuration will be deleted and cannot be automatically undone.
Attacks that exploit this kind of access
Remove a package from the project. It is categorised as a Destructive tool in the PC-Control MCP Server MCP Server, which means it can permanently delete or destroy data. Block by default and require explicit approval.
Register the PC-Control MCP Server MCP server in PolicyLayer and add a rule for web_remove_package: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches PC-Control MCP Server. Nothing to install.
web_remove_package is a Destructive tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.
Yes. Add a rate_limit block to the web_remove_package rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for web_remove_package. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
web_remove_package is provided by the PC-Control MCP Server MCP server (krsnmlna1/mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
web_remove_package is one line of PC-Control MCP Server's registry record.
The record carries the whole server: verified identity, auth posture, risk grade, every tool classified, recommended policy — re-checked continuously.
Teams ship this data inside their own products. See what a licence covers →