// MCP TOOL REFERENCE
Low Risk

depscore

Get the dependency score of packages with the

How to control depscore ↓

WHAT DEPSCORE ON SOCKET MCP SERVER DOES

AI agents call depscore to retrieve information from Socket MCP Server without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.

THE RISK

Low Risk

This tool queries dependency security information and returns scores without modifying data, executing code, deleting resources, or transferring funds. It is a read-only operation that retrieves vulnerability intelligence.

From the tool's definition The tool description states it retrieves 'the dependency score of packages' and the server is described as 'allowing AI assistants to efficiently check dependency vulnerability scores and security information.' The verb 'get' and 'check' indicate…

Documented attack patterns abuse exactly the kind of access depscore gives an agent:

HOW TO CONTROL DEPSCORE

PolicyLayer is an MCP gateway — it sits between your AI agents and Socket MCP Server, and nothing reaches the server without passing your rules. This is the rule we recommend for depscore:

policy.json 
{
  "version": "1",
  "default": "deny",
  "tools": {
    "depscore": {}
  }
}

depscore is read-only, so it stays allowed — but everything else on the server is denied unless you say otherwise.

  1. Create a free account and register Socket MCP Server — nothing to install.
  2. Add this policy — paste it, or build it visually.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
CAP THIS TOOL →

Free to start. No card required.

EXPLORE

More Socket MCP Server tools

Read alerts List the latest security alerts for a Socket organization with the Read organizations List the Socket organizations the authenticated user belongs to with the Read package_file_contents Read a single file from a package using the Read package_file_grep Search a single file from a package for lines matching a JavaScript regular expression. Pa Read package_files List the files published in a package using the Read threat_feed Look up items in the Socket organization threat feed with the

All 7 Socket MCP Server tools →

Read tools on other servers

Frida Game Hacking MCP check_installation Procmon analyze_pe MegaMemory get_concept WireMCP analyze_pcap

Go deeper

FAQ

What does the depscore tool do? +

Get the dependency score of packages with the. It is categorised as a Read tool in the Socket MCP Server MCP Server, which means it retrieves data without modifying state.

How do I enforce a policy on depscore? +

Register the Socket MCP Server MCP server in PolicyLayer and add a rule for depscore: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Socket MCP Server. Nothing to install.

What risk level is depscore? +

depscore is a Read tool with low risk. Read-only tools are generally safe to allow by default.

Can I rate-limit depscore? +

Yes. Add a rate_limit block to the depscore rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block depscore completely? +

Set action: deny in the PolicyLayer policy for depscore. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides depscore? +

depscore is provided by the Socket MCP Server MCP server (socketdev/socket-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

Enforce policy on every Socket MCP Server tool call.

Deterministic rules across all 7 Socket MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

GOVERN SOCKET →

Free to start. No card required.

7 Socket MCP Server tools catalogued and risk-classified — across an index of 42,500+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.