VERIFIED

Apktool

Safety: 45/100

0.0(0)

apktool-mcp-server provides an automated interface to Apktool for Android APK analysis, integrating with LLMs via MCP for reverse engineering and vulnerability detection.

MCP ServersFreemium

Boost this tool

Subscribe to listing upgrades or segmented pushes.

Overview

apktool-mcp-server provides an automated interface to Apktool for Android APK analysis, integrating with LLMs via MCP for reverse engineering and vulnerability detection.

apktool-mcp-server is relatively safe for static analysis and read-only operations. However, modifying and rebuilding APKs carries significant risk and should be done with caution in a controlled environment. Ensure that the source APK is trusted and that modifications are thoroughly reviewed.

Performance depends on the size and complexity of the APK file. Decoding large APKs can be time-consuming. Consider optimizing smali code for faster analysis.

The server itself is open-source and free to use. However, using LLMs via MCP may incur costs depending on the LLM provider's pricing model.

HybridPython299 starsApache-2.0Released 9/12/2025

Connections & Capabilities

Connects To

GitHub

Capabilities

ReadWriteExec

Client Compatibility

Claude Desktop

full

Cursor

untested

Windsurf

untested

VS Code (Copilot)

untested

Quickstart

Claude Desktop Config

{
    "mcpServers": {
        "apktool-mcp-server": {
            "command": "/<path>/<to>/uv", 
            "args": [
                "--directory",
                "</PATH/TO/>apktool-mcp-server/",
                "run",
                "apktool_mcp_server.py"
            ]
        }
    }
}

Tools (13)

high

build_apk()

Builds an APK from a decoded APKTool project.

Can create a modified APK with potentially malicious code.

safe

get_manifest()

Gets the AndroidManifest.xml content from a decoded APK project.

Read-only access to the manifest file.

safe

get_apktool_yml()

Gets apktool.yml information from a decoded APK project.

Read-only access to the apktool.yml file.

safe

list_smali_directories()

Lists all smali directories in a project.

Read-only access to directory structure.

safe

list_smali_files()

Lists smali files in a specific smali directory, optionally filtered by package prefix.

Read-only access to file names.

safe

get_smali_file()

Gets content of a specific smali file by class name.

Read-only access to smali file content.

high

modify_smali_file()

Modifies the content of a specific smali file.

Allows arbitrary code modification in smali files.

safe

list_resources()

Lists resources in a project, optionally filtered by resource type.

Read-only access to resource information.

safe

get_resource_file()

Gets Content of a specific resource file.

Read-only access to resource file content.

high

modify_resource_file()

Modifies the content of a specific resource file.

Allows modification of resource files, potentially changing application behavior.

safe

search_in_file()

Searches for a pattern in files with specified extensions.

Read-only search operation.

moderate

clean_project()

Cleans a project directory to prepare for rebuilding.

Deletes files within the project directory.

moderate

decode_apk()

Decodes an APK file using APKTool, extracting resources and smali code.

Extracts content from APK, which could include malicious code.

Security

Auth Method

None

Data Locality

hybrid

Known Risks

!Modifying smali code without proper understanding can lead to application crashes or security vulnerabilities.
!Rebuilding APKs from modified projects may introduce compatibility issues.
!The server is vulnerable to command injection if input sanitization is not properly implemented.
!Malicious APK files could be used to exploit vulnerabilities in the underlying Apktool or the server itself.

Safety Score

moderate risk

Positive

+Requires explicit project creation and APK decoding before modification.
+Uses a well-established reverse engineering tool (Apktool).
+Provides tools for cleaning project directories.
+Offers read-only tools for static analysis.

Risks

-Allows modification of smali and resource files, potentially introducing vulnerabilities.
-Building APKs from modified projects can lead to unexpected behavior or security risks.
-No built-in sandboxing; operations are performed directly on the file system.
-Relies on user-provided APK files, which could be malicious.

Use Cases

Reverse Engineering

-Analyzing the structure and functionality of Android applications.
-Identifying potential vulnerabilities in APK files.
-Understanding the implementation of specific features in an application.

Malware Analysis

-Examining the code and resources of suspicious APKs.
-Detecting malicious behavior and identifying potential threats.
-Extracting indicators of compromise (IOCs) from malware samples.

Security Auditing

-Performing static analysis of Android applications to identify security flaws.
-Verifying the integrity of APK files.
-Ensuring compliance with security best practices.

Educational Purposes

-Learning about Android application development and security.
-Practicing reverse engineering techniques.
-Exploring the inner workings of APK files.

Who Is This For?

Best For

Reverse engineers
Security researchers
Mobile application developers
Malware analysts
Students learning about Android security

Not Ideal For

Automated production environments without proper security controls.
Users without a strong understanding of Android application security.
High-volume APK analysis due to performance limitations.

Autonomy & Execution

Default ModeConfigurable

Destructive Tools

Autonomy depends on the specific MCP tool used. Some tools allow for destructive operations, so caution is advised.

StatelessYes

Retry LogicNone

ConcurrencySingle-threaded

Production Tip

Isolate the server in a dedicated environment to minimize the impact of potential security breaches.

FAQ

What is Apktool?

Apktool is a reverse engineering tool for decoding and rebuilding Android APK files.

What is MCP?

Model Context Protocol (MCP) is a protocol for interacting with language models.

How do I install apktool-mcp-server?

Download the latest release from GitHub, install dependencies using uv, and configure the MCP server in your LLM client.

What are the system requirements for running apktool-mcp-server?

Python 3.10 or higher, Apktool installed and configured, and a compatible LLM client with MCP support.

Can I use apktool-mcp-server to modify APK files?

Yes, but it's important to understand the risks involved and ensure that you have the necessary permissions.

Is apktool-mcp-server safe to use?

It depends on how you use it. Read-only operations are generally safe, but modifying and rebuilding APKs can be risky.

What kind of LLMs are supported?

The server is designed to work with any LLM that supports the Model Context Protocol (MCP).

Metrics

Discovered2/14/2026

Reviews0

Saved By0 users

Related Tools

Apktool - AI Tool Review & Alternatives | Flaex AI