// MCP TOOL REFERENCE

Low Risk

packageSearch

ServerOctocode MCP - AI Context Platform · verified
CategoryRead
Parameters1 (1 required)
Verified12/06/2026

WHAT IT DOES

What packageSearch does on Octocode MCP - AI Context Platform

AI agents call packageSearch to retrieve information from Octocode MCP - AI Context Platform without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.

Parameter	Type	Required	Description
`queries`	array	Yes	Array of queries for packageSearch. Maximum is 5 queries per call. Multiple queries run in parallel. Use the per-query `page` field to navigate through results.

Parameters from the server's own tool schema.

THE RISK

Low Risk

Why packageSearch needs a policy

This tool retrieves package information from npm and related registries with no side effects. It queries data (npm view, npm search, registry API) and returns structured metadata. There is no creation, modification, deletion, or code execution involved. The tool is purely informational and read-only, making it a Read category risk with low severity.

From the tool's definition Tool performs "npm package lookup by exact name or keyword" and "returns name, npmUrl, version, repoUrl, description, and GitHub owner/repo when available." The resolution chain involves querying npm CLI, registry API, and web search—all read-only operations…

Documented attack patterns abuse exactly the kind of access packageSearch gives an agent:

POLICY

How to control packageSearch

PolicyLayer is an MCP gateway — it sits between your AI agents and Octocode MCP - AI Context Platform, and nothing reaches the server without passing your rules. This is the rule we recommend for packageSearch:

policy.json

{
  "version": "1",
  "default": "deny",
  "tools": {
    "packageSearch": {}
  }
}

packageSearch is read-only, so it stays allowed — but everything else on the server is denied unless you say otherwise.

Create a free account and register Octocode MCP - AI Context Platform — nothing to install.
Add this policy — paste it, or build it visually.
Point your MCP client (Claude, Cursor, anything) at your gateway URL.

CAP THIS TOOL →

Free to start. No card required.

EXPLORE

Related tools and policies

More Octocode MCP - AI Context Platform tools

Read githubGetFileContent Read a known GitHub file or focused region. Arrive from githubSearchCode, githubViewRepoSt Read githubSearchCode External GitHub code/path search. Use distinctive terms to locate remote anchors; scope to Read githubSearchPullRequests External PR archaeology: find when, why, and by whom code changed. Triage with type='metad Read githubSearchRepositories External repository discovery when owner/repo is unknown. Use names, domain terms, owner, Read githubViewRepoStructure External GitHub tree inspection. Use root layout first, then drill into likely source/pack Read localFindFiles Find local files by name, extension, size, or modification time — metadata only. Use local Read localGetFileContent Read a local file or focused region. Arrive here from localSearchCode hits or localFindFil Read localSearchCode Local ripgrep search for text, regex, imports, identifiers, constants, TODOs, or errors. S

All 13 Octocode MCP - AI Context Platform tools →

Read tools on other servers

M-Team MCP Server get_torrent_detail YouTube MCP Server search_channel Android Forensics ADB MCP Server parse_browser_history 0xarchive web3_challenge

Go deeper

The MCP Attack Database → Documented attack patterns against MCP deployments — and the policies that stop them.
Data exfiltration → How read access becomes an exfiltration channel when chained with untrusted content.
MCP token cost → What connecting this server costs in context-window tokens on every request.
Rate Limiting MCP Tool Calls: A Practical Guide →
MCP Security: Why Prompt Guardrails Aren't Enough →

FAQ

Questions about packageSearch

What does the packageSearch tool do? +

npm package lookup by exact name or keyword. Resolution chain: npm CLI (npm view / npm search) → registry API (/-/v1/search) → npms.io web search — stops at the first successful result. Returns name, npmUrl, version, repoUrl, description, and GitHub owner/repo when available. Exact names resolve full metadata; keyword searches return a ranked list. Continue with githubViewRepoStructure or githubSearchCode after resolving the source repo. Use githubSearchRepositories for broad domain searches. It is categorised as a Read tool in the Octocode MCP - AI Context Platform MCP Server, which means it retrieves data without modifying state.

What parameters does packageSearch accept? +

packageSearch accepts 1 parameter: queries. Required: queries. The full parameter table on this page comes from the server's own tool schema.

How do I enforce a policy on packageSearch? +

Register the Octocode MCP - AI Context Platform MCP server in PolicyLayer and add a rule for packageSearch: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Octocode MCP - AI Context Platform. Nothing to install.

What risk level is packageSearch? +

packageSearch is a Read tool with low risk. Read-only tools are generally safe to allow by default.

Can I rate-limit packageSearch? +

Yes. Add a rate_limit block to the packageSearch rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block packageSearch completely? +

Set action: deny in the PolicyLayer policy for packageSearch. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides packageSearch? +

packageSearch is provided by the Octocode MCP - AI Context Platform MCP server (octocode-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

Enforce policy on every Octocode MCP - AI Context Platform tool call.

Start from Octocode MCP - AI Context Platform, add the rest of your stack, and see everything your agents can call. Then put policy on all of it.

CHECK YOUR STACK →

Free to start. No card required.

13 Octocode MCP - AI Context Platform tools catalogued and risk-classified — across an index of 43,000+ MCP servers.