- Home
- MCP servers
- APK Security Guard
APK Security Guard
- python
9
GitHub Stars
python
Language
6 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
Installation
Add the following to your MCP client configuration file.
Configuration
View docs{
"mcpServers": {
"il-il1-apk-security-guard-mcp-suite": {
"command": "myenv\\Scripts\\python.exe",
"args": [
"JADX-MCP\\fastmcp_adapter.py"
],
"env": {
"MOBSF_URL": "http://localhost:8000",
"MOBSF_API_KEY": "your_api_key_here"
}
}
}
}APK Security Guard MCP Server provides a unified interface to run and orchestrate multiple APK security analysis tools through the MCP (Model Context Protocol) standard. You can perform static and dynamic analyses, merge results across tools, and generate a comprehensive vulnerability report for Android APKs with a consistent API surface.
How to use
To leverage the MCP server, connect with an MCP client that can issue the standardized tool-specific APIs. Each tool runs as a local MCP server and exposes a defined set of functions. You can run analyses in parallel, merge results, and then review a consolidated vulnerability report that reflects cross-tool consensus and differences.
How to install
Prerequisites: you need Python and Node.js installed on your machine to support the local MCP servers and tooling.
-
Set up a project directory and install dependencies in a Python virtual environment to avoid conflicts.
-
Install Python dependencies from the requirements file.
-
If MobSF APIs are used, install MobSF MCP Node dependencies globally.
Configuration and MCP servers
The MCP client configuration includes multiple local servers that run in stdio mode. Each server exposes a dedicated Python or Node script that you start from your development environment. The following stdio configurations are provided:
Additional notes
-
This suite supports multiple tools: Jadx, JEB, APKTOOL, FlowDroid, and MobSF. Each tool operates as its own MCP server and can be started independently. The integrated client can request analysis, retrieve decompiled sources, and combine results into a final comprehensive report.
-
MobSF can be extended with its own APIs and requires environment variables for its URL and API key when used through the MCP interface.
-
For practical usage, ensure your environment matches the file paths and script locations described in the startup configuration to avoid path-related errors.
Available tools
ping
Check if the MCP server is alive and reachable.
get_manifest
Retrieve AndroidManifest.xml content for an APK.
get_apk_permissions
Extract all declared permissions from the APK manifest.
get_apk_components
List activities, services, receivers, and providers from the manifest.
get_method_decompiled_code
Fetch decompiled code for a specific method signature.
get_class_decompiled_code
Fetch decompiled code for a specific class signature.
get_method_callers
List callers of a given method in the APK.
get_method_overrides
List overrides of a given method.
get_apk_info
Retrieve basic APK information.
get_intent_filters
Extract intent-filters for components.
get_exported_components
List exported components and attributes.
list_broadcast_receivers
List broadcast receivers and their intents.
list_all_classes
List all decompiled classes with pagination.
search_class_by_name
Search for classes by name.
get_class_source
Get full decompiled source for a class.
search_method_by_name
Search for methods by name.
get_methods_of_class
List all methods in a class.
get_fields_of_class
List all fields in a class.
get_method_code
Get source code of a specific method.
get_method_signature
Get full method signature.
get_field_details
Get details about a field.
search_in_files
Search within project files for patterns.
get_apktool_yml
Retrieve apktool.yml information from a decoded project.
uploadFile
Upload an app to MobSF for analysis.
getJsonReport
Retrieve JSON security report from MobSF.
generatePdfReport
Generate a PDF security report for MobSF.
viewSource
View source files from MobSF analysis.
combine_analysis_results
Merge tool reports into a combined analysis.
analyze_with_jeb/jadx/apktool/flowdroid/mobsf
Run independent analyses with the five MCP tools and generate a standardized report.
split_vulnerabilities_by_priority
Separate vulnerabilities by frequency and MobSF source.
assess_vulnerability_risk
Evaluate risk for MobSF-only vulnerabilities using a large model.
integrate_priority_reports
Create the final comprehensive vulnerability report from prioritized results.