AI agents call search_events to retrieve information from Api without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.
| Parameter | Type | Required | Description |
|---|---|---|---|
limit | integer | — | Maximum number of results to return (1-100, default 20) |
toDate | string | null | — | End date for search range (ISO 8601 format) |
country | string | null | — | Filter by country name or ISO code |
fromDate | string | null | — | Start date for search range (ISO 8601 format) |
eventname | string | null | — | Filter by eventame, tipically for the TC, cyclone name |
alertLevel | string | null | — | Alert level filter: 'green', 'orange', 'red', or combination like 'orange;red' |
eventTypes | string | null | — | Comma-separated event types to include (e.g., 'EQ,TC,FL'). Leave empty for all types. |
minSeverity | number | null | — | Minimum severity value to filter |
Parameters from the server's own tool schema.
This tool retrieves and queries disaster event data from www.gdacs.org without creating, modifying, deleting, or executing any operations. It is a read-only search operation that returns filtered results. The sibling tools (get_active_disasters, get_alert_level_info, etc.) also follow the read-only pattern, confirming this server provides informational access to public disaster data systems.
From the tool's definition Tool name is 'search_events' and description states it 'Search[es] for disaster events with various filters' and 'Returns a list of events matching the criteria'.
Attacks that exploit this kind of access
Search for disaster events with various filters. Returns a list of events matching the criteria, ordered by date descending. It is categorised as a Read tool in the Api MCP Server, which means it retrieves data without modifying state.
search_events accepts 8 parameters: limit, toDate, country, fromDate, eventname, alertLevel, eventTypes, minSeverity. The full parameter table on this page comes from the server's own tool schema.
Register the Api MCP server in PolicyLayer and add a rule for search_events: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Api. Nothing to install.
search_events is a Read tool with low risk. Read-only tools are generally safe to allow by default.
Yes. Add a rate_limit block to the search_events rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for search_events. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
search_events is provided by the Api MCP server (https://api.gdacs.org/mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →