APK Security Guard

Provides multi-tool APK security analysis via MCP with Jadx, JEB, APKTOOL, FlowDroid, and MobSF integrations.
  • python

9

GitHub Stars

python

Language

6 months ago

First Indexed

2 months ago

Catalog Refreshed

Documentation & install

Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.

Installation

Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "il-il1-apk-security-guard-mcp-suite": {
      "command": "myenv\\Scripts\\python.exe",
      "args": [
        "JADX-MCP\\fastmcp_adapter.py"
      ],
      "env": {
        "MOBSF_URL": "http://localhost:8000",
        "MOBSF_API_KEY": "your_api_key_here"
      }
    }
  }
}

APK Security Guard MCP Server provides a unified interface to run and orchestrate multiple APK security analysis tools through the MCP (Model Context Protocol) standard. You can perform static and dynamic analyses, merge results across tools, and generate a comprehensive vulnerability report for Android APKs with a consistent API surface.

How to use

To leverage the MCP server, connect with an MCP client that can issue the standardized tool-specific APIs. Each tool runs as a local MCP server and exposes a defined set of functions. You can run analyses in parallel, merge results, and then review a consolidated vulnerability report that reflects cross-tool consensus and differences.

How to install

Prerequisites: you need Python and Node.js installed on your machine to support the local MCP servers and tooling.

  1. Set up a project directory and install dependencies in a Python virtual environment to avoid conflicts.

  2. Install Python dependencies from the requirements file.

  3. If MobSF APIs are used, install MobSF MCP Node dependencies globally.

Configuration and MCP servers

The MCP client configuration includes multiple local servers that run in stdio mode. Each server exposes a dedicated Python or Node script that you start from your development environment. The following stdio configurations are provided:

Additional notes

  • This suite supports multiple tools: Jadx, JEB, APKTOOL, FlowDroid, and MobSF. Each tool operates as its own MCP server and can be started independently. The integrated client can request analysis, retrieve decompiled sources, and combine results into a final comprehensive report.

  • MobSF can be extended with its own APIs and requires environment variables for its URL and API key when used through the MCP interface.

  • For practical usage, ensure your environment matches the file paths and script locations described in the startup configuration to avoid path-related errors.

Available tools

ping

Check if the MCP server is alive and reachable.

get_manifest

Retrieve AndroidManifest.xml content for an APK.

get_apk_permissions

Extract all declared permissions from the APK manifest.

get_apk_components

List activities, services, receivers, and providers from the manifest.

get_method_decompiled_code

Fetch decompiled code for a specific method signature.

get_class_decompiled_code

Fetch decompiled code for a specific class signature.

get_method_callers

List callers of a given method in the APK.

get_method_overrides

List overrides of a given method.

get_apk_info

Retrieve basic APK information.

get_intent_filters

Extract intent-filters for components.

get_exported_components

List exported components and attributes.

list_broadcast_receivers

List broadcast receivers and their intents.

list_all_classes

List all decompiled classes with pagination.

search_class_by_name

Search for classes by name.

get_class_source

Get full decompiled source for a class.

search_method_by_name

Search for methods by name.

get_methods_of_class

List all methods in a class.

get_fields_of_class

List all fields in a class.

get_method_code

Get source code of a specific method.

get_method_signature

Get full method signature.

get_field_details

Get details about a field.

search_in_files

Search within project files for patterns.

get_apktool_yml

Retrieve apktool.yml information from a decoded project.

uploadFile

Upload an app to MobSF for analysis.

getJsonReport

Retrieve JSON security report from MobSF.

generatePdfReport

Generate a PDF security report for MobSF.

viewSource

View source files from MobSF analysis.

combine_analysis_results

Merge tool reports into a combined analysis.

analyze_with_jeb/jadx/apktool/flowdroid/mobsf

Run independent analyses with the five MCP tools and generate a standardized report.

split_vulnerabilities_by_priority

Separate vulnerabilities by frequency and MobSF source.

assess_vulnerability_risk

Evaluate risk for MobSF-only vulnerabilities using a large model.

integrate_priority_reports

Create the final comprehensive vulnerability report from prioritized results.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational