// SCAN REPORT

uiautomator2 MCP Server

77 tools. 56 can modify or destroy data without limits.

5 destructive tools with no built-in limits. Policy required.

Last updated:

56 can modify or destroy data
21 read-only
77 tools total

Community server · catalogue entry verified 11/06/2026

How to control uiautomator2 MCP Server ↓

TOOL MAP

What uiautomator2 MCP Server exposes to your agents

Read (21) Write / Execute (48) Destructive / Financial (5)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
Critical Risk

The most dangerous uiautomator2 MCP Server tools

Destructive · High app_uninstall_all This tool removes applications irreversibly in bulk, which is a destructive operation affecting system state. Destructive · High app_clear The 'app_clear' tool most likely clears application data, cache, or uninstalls apps on a controlled Android device. Destructive · High app_uninstall Uninstalling an application is a destructive action that irreversibly removes software and associated data from the device. Destructive · High clear_text Text clearing in UI automation is destructive because it permanently removes data from input fields without user confirmation or undo capability.

56 of uiautomator2 MCP Server's 77 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control uiautomator2 MCP Server

PolicyLayer is an MCP gateway — it sits between your AI agents and uiautomator2 MCP Server, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "app_clear": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "write_clipboard": {
    "limits": [
      {
        "counter": "write_clipboard_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "app_list": {
    "limits": [
      {
        "counter": "app_list_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register uiautomator2 MCP Server — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON UIAUTOMATOR2 →

Free to start. No card required.

FULL CATALOGUE

All 77 uiautomator2 MCP Server tools

DESTRUCTIVE 5 tools
Destructive app_clear app_clear Destructive app_uninstall app_uninstall Destructive app_uninstall_all app_uninstall_all Destructive clear_text clear_text Destructive purge purge
EXECUTE 47 tools
Execute activity_wait_appear activity_wait_appear Execute app_start app_start Execute app_stop app_stop Execute app_stop_all app_stop_all Execute app_wait app_wait Execute screen_record_start screen_record_start Execute screen_record_stop screen_record_stop Execute start_scrcpy start_scrcpy Execute stop_scrcpy stop_scrcpy Execute xpath_wait_appear xpath_wait_appear Execute xpath_wait_gone xpath_wait_gone Execute show_toast show_toast Execute app_auto_grant_permissions app_auto_grant_permissions Execute app_install app_install Execute click click Execute connect connect Execute disconnect_all disconnect_all Execute double_click double_click Execute drag drag Execute hide_keyboard hide_keyboard Execute init init Execute long_click long_click Execute open_notification open_notification Execute open_quick_settings open_quick_settings Execute press_key press_key Execute screen_off screen_off Execute screen_on screen_on Execute screen_record screen_record Execute send_text send_text Execute set_focused_text set_focused_text Execute set_orientation set_orientation Execute shell_command shell_command Execute swipe swipe Execute swipe_down swipe_down Execute swipe_ext swipe_ext Execute swipe_left swipe_left Execute swipe_points swipe_points Execute swipe_right swipe_right Execute swipe_up swipe_up Execute unlock unlock Execute xpath_click xpath_click Execute xpath_click_nowait xpath_click_nowait Execute xpath_long_press xpath_long_press Execute xpath_scroll xpath_scroll Execute xpath_scroll_to xpath_scroll_to Execute xpath_set_text xpath_set_text Execute xpath_swipe xpath_swipe
WRITE 1 tools
Write write_clipboard write_clipboard
READ 21 tools
Read app_list app_list Read app_list_running app_list_running Read device_list device_list Read get_orientation get_orientation Read get_toast get_toast Read read_clipboard read_clipboard Read screenshot screenshot Read xpath_get_attrib xpath_get_attrib Read xpath_get_bounds xpath_get_bounds Read xpath_get_info xpath_get_info Read xpath_get_text xpath_get_text Read xpath_screenshot xpath_screenshot Read app_current app_current Read app_info app_info Read dump_hierarchy dump_hierarchy Read info info Read save_dump_hierarchy save_dump_hierarchy Read save_screenshot save_screenshot Read window_size window_size Read xpath_exists xpath_exists Read xpath_save_screenshot xpath_save_screenshot
OTHER 3 tools
Other reset_toast reset_toast Other delay delay Other disconnect disconnect
EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Sperax Ecosystem Crypto & DeFI MCP Server 1318 tools
adminautomation
Mcp Afip 1300 tools
adminautomation
Mcp Ap2 1300 tools
adminautomation
BNB Chain MCP 1240 tools
adminautomation
Nodebench 824 tools
adminautomation
Amazon Bedrock Knowledge Base Retrieval MCP Server 805 tools
adminautomation
Amazon Data Processing MCP Server 805 tools
adminautomation
Amazon ECS MCP Server 805 tools
adminautomation
FAQ

Questions about uiautomator2 MCP Server

Can an AI agent delete data through the uiautomator2 MCP Server MCP server? +

Yes. The uiautomator2 MCP Server server exposes 5 destructive tools including app_clear, app_uninstall, app_uninstall_all. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through uiautomator2 MCP Server? +

The uiautomator2 MCP Server server has 1 write tools including write_clipboard. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach uiautomator2 MCP Server.

How many tools does the uiautomator2 MCP Server MCP server expose? +

77 tools across 4 categories: Destructive, Execute, Read, Write. 21 are read-only. 56 can modify, create, or delete data.

How do I enforce a policy on uiautomator2 MCP Server? +

Register the uiautomator2 MCP Server MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every uiautomator2 MCP Server tool call.

Deterministic rules across all 77 uiautomator2 MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON UIAUTOMATOR2 →

Free to start. No card required.

77 uiautomator2 MCP Server tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.