Apktool MCP Server
by zinja-coder
Decompile and analyze Android APKs with your AI agent
security Python Intermediate Self-hostable No API key
β 301 stars π
Updated: 5mo ago
Description
Apktool MCP Server wraps the popular Apktool reverse engineering tool and exposes it through MCP, letting your AI agent decompile Android APK files, inspect their contents, analyze manifests, and explore smali code. If you do Android security research, malware analysis, or mobile app auditing, this server gives your agent the ability to pull apart APKs conversationally.
The typical workflow involves feeding an APK to the agent, which then uses Apktool to decompile it and examine the AndroidManifest.xml, resources, and bytecode. Your agent can identify permissions, find hardcoded strings (potential API keys or secrets), map out activities and services, and flag suspicious patterns β tasks that normally require manual terminal work with Apktool.
With 301 stars and zero open issues, the project is stable and focused. It was last updated in September 2025, so it is not in rapid development, but Apktool itself is mature and the MCP wrapper is straightforward. The niche audience (Android security researchers) means community size is small, but the tool does its job well for those who need it.
β Best for
Android security researchers and mobile app auditors who want AI-assisted APK analysis
βοΈ Skip if
You do not work with Android apps β this server has no other use case
π‘ Use cases
- Decompile Android APKs and have your AI agent analyze the manifest for dangerous permissions
- Search decompiled code for hardcoded API keys, tokens, or suspicious URL patterns
- Audit mobile apps for security issues by inspecting smali bytecode and resources
π Pros
- β Zero open issues β stable and reliable for its focused use case
- β Wraps the well-established Apktool (most popular Android decompiler)
- β No API key required β runs entirely locally
π Cons
- β Very niche β only useful for Android APK analysis
- β Last updated September 2025 β not under active development
- β Requires Apktool and Java to be installed on the host system
π‘ Tips & tricks
Install Apktool and Java first (`brew install apktool` on macOS). Point the agent
at APK files by path rather than URL β local analysis is faster and more reliable.
For malware analysis, run in an isolated environment (VM or container) as a safety
precaution. Combine with a filesystem MCP server for broader file exploration.
Quick info
- Author
- zinja-coder
- License
- Apache-2.0
- Runtime
- Python
- Transport
- stdio
- Category
- security
- Difficulty
- Intermediate
- Self-hostable
- β
- API key
- No API key needed
- Docker
- β
- Version
- 0.0.0
- Updated
- Sep 12, 2025
Client compatibility
- β Claude Code
- β Cursor
- β VS Code Copilot
- β Gemini CLI
- β Windsurf
- β Cline
- β JetBrains AI
- β Warp
Platforms
π macOS π§ Linux πͺ Windows