- Home
- MCP servers
- APK Security
APK Security
- typescript
7
GitHub Stars
typescript
Language
6 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
This MCP Server consolidates multiple APK security analysis tools into a shared, scriptable interface. You can run independent analyses with JEB, JADX, APKTool, FlowDroid, and MobSF, then combine results into a comprehensive vulnerability report. This approach increases coverage, speeds up investigations, and lets you orchestrate security checks from a single client or editor integration.
How to use
You interact with the server through an MCP client that can start, query, and manage the 5 integrated analysis tools. For a given APK, you can request static decompilation data, manifest details, decompiled source, taint analysis results, and security reports. The client can also request combined results to prioritize high-frequency findings across tools, enabling you to focus on the most credible issues.
How to install
Prerequisites: you need Node.js and Python installed on your machine, plus any runtime environments required by the individual MCP tools.
Install dependencies and set up the MobSF integration, then install the specific MCP components to enable local servers for each tool.
Follow these concrete steps to get started with the server locally:
Additional sections
Configuration and environment notes are shown below. These blocks pull from the built-in MCP configurations for the JEB, JADX, FlowDroid, and MobSF integrations. Start each local MCP server according to its documented command, then point the MCP client at the appropriate endpoints.
Available tools
JEB MCP
JEB-based MCP endpoint offering manifest, decompiled code, and analysis utilities for APKs.
JADX MCP
JADX MCP endpoint providing class listings, decompiled sources, and code exploration APIs.
APKTOOL MCP
APKTool-based MCP endpoints for decoding, rebuilding, and resource inspection.
MobSF MCP
MobSF-based MCP endpoints for uploading apps, retrieving scans, and accessing detailed report sections.
FlowDroid MCP
FlowDroid MCP endpoint for taint analysis and extraction of sources/sinks.