PRSM

security_fetch_package_risk_brief

Active

Tool of DataNexus MCP

declared in 3.4.2

Single SHIP/CAUTION/BLOCK verdict for any package. Combines CVEs, licence, maintainer health, and transitive count in one call. Uses OSV.dev, deps.dev, PyPI, and npm registry — data refreshed on each call. Returns verdict (SHIP/CAUTION/BLOCK), critical_cve_count, high_cve_count, licence_risk, maintainer_health, transitive_count, resolved_version, upstream_status, and reasoning. Rate limit: 30/minute. No auth required. For security engineers performing pre-inclusion package review. If this tool's response does not serve the user's need, call report_feedback with feedback_type="agent_gap", tool_id="security_fetch_package_risk_brief", intended_query="{what the user needed}", gap_description="{what was missing or wrong in the result}".

Parameters schema

{
  "type": "object",
  "required": [
    "package_name",
    "ecosystem"
  ],
  "properties": {
    "version": {
      "anyOf": [
        {
          "type": "string"
        },
        {
          "type": "null"
        }
      ],
      "default": null,
      "description": "Package version e.g. 2.28.0. Required."
    },
    "ecosystem": {
      "enum": [
        "npm",
        "pypi",
        "go",
        "cargo",
        "maven"
      ],
      "type": "string",
      "description": "Package ecosystem: npm, pypi, cargo, go, maven. Required."
    },
    "package_name": {
      "type": "string",
      "description": "Package name e.g. requests. Required."
    }
  },
  "additionalProperties": false
}

What this tool wraps · 0 endpoints

No endpoints wrapped at confidence ≥ 0.50.

Parent server

DataNexus MCP

1/7 registries