First, tell your company to install all the packages to a single networked location, and every time you want one they have 24 hours to review and install. Anything longer than that is insane and is an IT department overstepping its bounds in order to feel important and justify their existence. If the company lets them do this regularly than I’d start to look for another new job.
Second, for the most part packages aren’t software, they are files which can be copied into place if you have write access to the folder. They may have some code in them, but if you have python installed and dynamo installed you don’t need anything else other than the files. Download them to the correct location and you should be good to go. If you can’t write to the default folder, then try adding a “dynamo packages” directory to your documents folder and save them there. If you can’t write there then just walk out cuz that’s insane.
If you really can’t make any packages work, try to feed the workset element, not the name. Might not work as I haven’t tested this before.
Lastly, if your IT department wants some more input on why this isn’t an issue, have the director (or whoever is holding this back) start another “security concerns” post with their account so we can correct any misinformation, or so things can be run up the ladder, and the dev team can address any legitimate security concerns directly. They have already done quite a bit towards that end (“The package you are downloading contains python scripts” made me chuckle the first time I saw it.).