DevLab MCP Suite

71 tools. 43 can modify or destroy data without limits.

3 destructive tools with no built-in limits. Policy required.

Last updated:

43 can modify or destroy data
28 read-only
71 tools total

Community server · catalogue entry verified 03/07/2026

How to control DevLab MCP Suite ↓

What DevLab MCP Suite exposes to your agents

Read (28) Write / Execute (40) Destructive / Financial (3)
Critical Risk

The most dangerous DevLab MCP Suite tools

43 of DevLab MCP Suite's 71 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control DevLab MCP Suite

PolicyLayer is an MCP gateway — it sits between your AI agents and DevLab MCP Suite, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "android_clear_app_data": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "android_manage_permissions": {
    "limits": [
      {
        "counter": "android_manage_permissions_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "adb_devices": {
    "limits": [
      {
        "counter": "adb_devices_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register DevLab MCP Suite — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON DEVLAB MCP SUITE →

Instant setup, no code required.

All 71 DevLab MCP Suite tools

EXECUTE 34 tools
Execute android_force_stop_app Force stop an Android app by package using a profile from config/apps.json. Execute android_input_text Type text with adb shell input text. Execute android_install_apk Install a debug APK using adb install -r. Execute android_launch_app Launch an Android app using a profile from config/apps.json. Execute android_open_app_settings Open the system Settings > App Info screen for a given package. Uses android.settings.APPLICATION_DETAILS_SETT Execute android_run_shell Advanced tool: run a simple adb shell command on the connected Android device. Execute android_run_workflow Run a declarative app workflow from config/apps.json. Optionally capture a full evidence session. Execute android_send_debug_intent Send a configured app debug broadcast intent from config/apps.json. Execute android_send_intent Send a generic Android broadcast intent with optional extras. Supports string, integer, and boolean extras. Us Execute android_set_bluetooth Enable or disable Bluetooth on the device. Best-effort: may be blocked by OEM restrictions or Android version. Execute android_set_volume Set the volume level for a given audio stream (default: 3 = media). Execute android_start_activity Launch an arbitrary Android component (package/activity). Optionally specify an intent action. No config profi Execute android_stop_session Finalize a session: capture logcat, current app, device info, and generate final-report.md. Execute android_swipe Run adb shell input swipe with coordinates and optional duration. Execute android_tap Run adb shell input tap with x/y coordinates. Execute android_tap_resource Shortcut for tapping a node by resource-id. Execute android_tap_text Shortcut for tapping a visible text node. Execute android_tap_ui Find a UI node by text or resource-id and tap its center. Execute android_wait_for_ui Wait until a UI node appears by text or resource-id. Execute browser_click Click at absolute pixel coordinates. Execute browser_click_percent Click using viewport-relative percentage coordinates. Ideal for canvas games. Execute browser_click_text Click the first element containing the given text. Execute browser_evaluate_game_state Evaluate a JavaScript expression to inspect game state (score, level, lives, etc.). Expression runs in page co Execute browser_evaluate_js Execute JavaScript in the page context and return the result. Use for game state inspection, debug hooks, etc. Execute browser_open Launch a Chromium browser (headless or headed) for testing. Execute browser_open_url Navigate browser to a URL. Execute browser_press_key Send a keyboard key press to the page. Use Playwright key names (Enter, Space, ArrowUp, KeyA, etc.). Execute browser_run_workflow Execute a predefined workflow from a profile (e.g., galaxy-raiders/smoke-menu). Execute browser_start_session Begin an evidence-gathering session for screenshots and structured reporting. Execute browser_stop_session Finalize the evidence session and generate the final report. Execute browser_type_text Type text into the currently focused element. Execute browser_wait Wait for a specified duration in milliseconds. Execute browser_wait_for_canvas_change Poll the canvas element until its content changes (via toDataURL comparison). Useful for detecting frame updat Execute browser_wait_for_selector Wait until an element matching the CSS selector appears in the page.
READ 28 tools
Read adb_devices List Android devices currently visible to adb. Read android_app_info Returns package info including versionName, versionCode, install time, update time, and requested permissions. Read android_capture_state Capture screenshot, UI hierarchy, and basic device metadata together. Read android_current_app Returns the package and activity name of the app currently in focus. Uses dumpsys window and dumpsys activity Read android_device_info Returns manufacturer, model, Android version, SDK level, ABI, battery level, and charging status. Read android_find_ui Dump and search Android UI hierarchy nodes by text or resource-id. Read android_generate_report Create a basic debug bundle with screenshot, UI dump, logcat, metadata, and device info. Read android_get_session_report Read the final-report.md for a completed session. The session must be stopped first. Read android_list_apps List app profiles from config/apps.json with package, activity, workflows, and debug intents. Read android_list_packages List packages installed on the device via pm list packages. Optionally filter by case-insensitive substring. Read android_list_sessions List existing session directories with metadata (name, status, step count, duration). Read android_list_workflows List workflows configured for all apps or a specific app profile. Read android_read_logcat Read logcat output filtered by manual tags or app profile tags. Read android_screenshot Capture a PNG screenshot using adb exec-out screencap -p. Read android_ui_dump Capture the current Android UI hierarchy using uiautomator dump. Read browser_capture_fps Try to read FPS counter from the page (looks for fps-counter, .fps, window.__fps, window.fpsCounter). Returns Read browser_get_console_logs Retrieve all browser console messages collected since opening the page. Read browser_get_page_errors Retrieve uncaught JavaScript errors from the page. Read browser_get_session_report Read the final report for a completed session. Read browser_list_profiles List available project profiles (galaxy-raiders, etc.). Read browser_list_sessions List recent evidence sessions. Read browser_list_workflows List available workflows for a profile. Read browser_record_trace Capture screenshots at 100ms intervals for N seconds. Saves first frame + frame-count metadata. Read browser_screenshot Capture a full-page or viewport screenshot. Read browser_screenshot_canvas Capture just a canvas element by selector. Useful for game evidence. Read visual_compare_folder Compare all images in baselineDir against matching filenames in actualDir. Generates a results JSON and option Read visual_compare_images Compare two PNG images pixel-by-pixel. Returns changed pixels count, percentage, pass/fail, and optionally gen Read visual_generate_report Load a visual-results.json file and generate a markdown report with summary, failures, and diff image referenc

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about DevLab MCP Suite

Can an AI agent delete data through the DevLab MCP Suite MCP server? +

Yes. The DevLab MCP Suite server exposes 3 destructive tools including android_clear_app_data, android_clear_logcat, android_uninstall_app. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through DevLab MCP Suite? +

The DevLab MCP Suite server has 6 write tools including android_manage_permissions, android_record_video, android_session_step. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach DevLab MCP Suite.

How many tools does the DevLab MCP Suite MCP server expose? +

71 tools across 4 categories: Destructive, Execute, Read, Write. 28 are read-only. 43 can modify, create, or delete data.

How do I enforce a policy on DevLab MCP Suite? +

Register the DevLab MCP Suite MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every DevLab MCP Suite tool call.

Deterministic rules across all 71 DevLab MCP Suite tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

71 DevLab MCP Suite tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// WHERE THIS COMES FROM

These policies come from DevLab MCP Suite's registry record.

The record behind this page: verified identity, auth posture, risk grade, every tool classified, recommended policy — re-checked continuously.

Teams ship this data inside their own products. See what a licence covers →

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.