Model Context Protocol moderate risk

Apktool

apktool-mcp-server provides an automated interface to Apktool for Android APK analysis, integrating with LLMs via MCP for reverse engineering and vulnerability detection.

Connections & Capabilities

Connects To

GitHub

Capabilities

readwriteexec

Quickstart

Config

{
    "mcpServers": {
        "apktool-mcp-server": {
            "command": "/<path>/<to>/uv", 
            "args": [
                "--directory",
                "</PATH/TO/>apktool-mcp-server/",
                "run",
                "apktool_mcp_server.py"
            ]
        }
    }
}

Exposed MCP Tools (13)

high

build_apk()

Builds an APK from a decoded APKTool project.

Can create a modified APK with potentially malicious code.

safe

get_manifest()

Gets the AndroidManifest.xml content from a decoded APK project.

Read-only access to the manifest file.

safe

get_apktool_yml()

Gets apktool.yml information from a decoded APK project.

Read-only access to the apktool.yml file.

safe

list_smali_directories()

Lists all smali directories in a project.

Read-only access to directory structure.

safe

list_smali_files()

Lists smali files in a specific smali directory, optionally filtered by package prefix.

Read-only access to file names.

safe

get_smali_file()

Gets content of a specific smali file by class name.

Read-only access to smali file content.

high

modify_smali_file()

Modifies the content of a specific smali file.

Allows arbitrary code modification in smali files.

safe

list_resources()

Lists resources in a project, optionally filtered by resource type.

Read-only access to resource information.

safe

get_resource_file()

Gets Content of a specific resource file.

Read-only access to resource file content.

high

modify_resource_file()

Modifies the content of a specific resource file.

Allows modification of resource files, potentially changing application behavior.

safe

search_in_file()

Searches for a pattern in files with specified extensions.

Read-only search operation.

moderate

clean_project()

Cleans a project directory to prepare for rebuilding.

Deletes files within the project directory.

moderate

decode_apk()

Decodes an APK file using APKTool, extracting resources and smali code.

Extracts content from APK, which could include malicious code.

Safety Assessment

apktool-mcp-server is relatively safe for static analysis and read-only operations. However, modifying and rebuilding APKs carries significant risk and should be done with caution in a controlled environment. Ensure that the source APK is trusted and that modifications are thoroughly reviewed.

Requires explicit project creation and APK decoding before modification.
Uses a well-established reverse engineering tool (Apktool).
Provides tools for cleaning project directories.
Offers read-only tools for static analysis.

Allows modification of smali and resource files, potentially introducing vulnerabilities.
Building APKs from modified projects can lead to unexpected behavior or security risks.
No built-in sandboxing; operations are performed directly on the file system.
Relies on user-provided APK files, which could be malicious.