Android MCP Server

80 tools. 35 can modify or destroy data without limits.

4 destructive tools with no built-in limits. Policy required.

Last updated:

35 can modify or destroy data
45 read-only
80 tools total

Community server · catalogue entry verified 30/06/2026

How to control Android MCP Server ↓

What Android MCP Server exposes to your agents

Read (45) Write / Execute (31) Destructive / Financial (4)
Critical Risk

The most dangerous Android MCP Server tools

35 of Android MCP Server's 80 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Android MCP Server

PolicyLayer is an MCP gateway — it sits between your AI agents and Android MCP Server, and nothing reaches the server without passing your rules. These are the rules we recommend:

Block financial tools by default
{
  "send_sms": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Requires human approval."
      }
    ]
  }
}

Financial tools should be explicitly enabled per use case, not open by default.

Deny destructive operations
{
  "clipboard_history_clear": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "clipboard": {
    "limits": [
      {
        "counter": "clipboard_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "adb_status": {
    "limits": [
      {
        "counter": "adb_status_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Android MCP Server — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON ANDROID →

Instant setup, no code required.

All 80 Android MCP Server tools

EXECUTE 24 tools
Execute adb_connect Connect ADB wirelessly (Android 12+). Get pairing code from Wireless Debugging settings. Execute cancel_job ⏹️ 取消正在运行的后台任务。 Execute click_by_class Find element by class name and tap it. Execute click_by_id Find element by resource ID and tap it. Execute click_by_text Find element by text and tap it. More robust than manual tap_screen. Execute execute_command execute_command Execute force_stop_app Force stop an Android app (kills background processes). Execute get_fingerprint Prompt for fingerprint authentication. Execute open_app Launch an Android app by package name. Execute open_url Open URL in default browser. Execute restart_android Restart termux-mcp service (~2-3s downtime). Memory state is lost, file changes persist. Execute send_notification Send a notification. Execute set_volume Set volume. stream: music/ring/alarm/notification/system/call. volume: 0-15. Execute shizuku_hide 隐藏 Shizuku 小窗(缩到右上角极小尺寸 + force-stop App UI)。 Execute shizuku_resize shizuku_resize Execute shizuku_restart 重启 Shizuku App(先 force-stop 再重新打开)。 Execute shizuku_show 显示/启动 Shizuku App 窗口。 Execute show_toast Show a toast message. Execute text_to_speech Speak text aloud via TTS. Execute toggle_torch Toggle flashlight on/off. Execute vibrate Vibrate phone. force=True to vibrate in silent mode. Execute wait_for_element Wait for element to appear (polling). Returns element info or timeout error. Execute watchdog_start 🛡️ 启动 Shizuku Watchdog 守护(Termux 被杀后自动拉起 MCP)。 Execute watchdog_stop ⏹️ 停止 Shizuku Watchdog 守护。
READ 45 tools
Read adb_status Check ADB/Shizuku installation and connection status. Read app_usage_stats Get app usage stats for recent days. Read clipboard_history Show recent clipboard history (in-memory, lost on restart). Read device_health One-shot device health: battery + storage + memory + WiFi + CPU + processes. Read device_health_report Check termux-mcp service health (uptime, PID, log size). For auto-recovery. Read dismiss_notification Dismiss a notification by ID. Read find_element Find UI element by text/resource_id/class/content_desc. Returns position (no tap). Read get_battery_status Get battery status: level, temperature, charging state, health, voltage, current. Read get_current_app Get the currently focused app (package + activity). Read get_device_info Get device model, Android version, kernel, architecture, uptime. Read get_foreground_app Get foreground app info (package + activity). Read get_job_status 📊 查看后台任务的状态和输出。 Read get_location Get phone location. Read get_screen_brightness Get screen brightness (requires Shizuku/ADB on Android 12+). Read get_screen_size Get screen resolution (width x height). Read get_sensor_list List all available sensors on the device. Read get_storage_info Get storage usage (disk space). Read get_telephony_cell_info Get cellular cell info: CID, LAC, signal level, ARFCN. Read get_telephony_info Get telephony device info: carrier, network type, SIM state, IMEI, etc. Read get_ui_state Get structured UI state: interactive elements list + optional annotated screenshot. Read get_volume Get current volume levels for all audio streams. Read get_wifi_info Get WiFi connection info: SSID, BSSID, IP, signal strength, link speed, frequency. Read github_get_file Read repo file or list directory. Read github_list_branches List repo branches. Read github_list_issues List repo issues. state: open/closed/all. Read github_list_repos List user's repos. sort: updated/created/pushed/full_name. Read github_refresh_token Manually refresh GitHub token (re-reads gh CLI config and env vars). Read github_repo Get repo info: stars, forks, description, license. Read github_repo_languages Get repo language breakdown. Read github_search Search GitHub. search_type: repositories/code/issues. Read list_adb_devices List connected ADB devices (USB + WiFi) with serial, state, and model. Read list_android_packages List Android apps/packages. filter_keyword to narrow (e.g. 'camera'). Read list_contacts List contacts (name, phone, email). Read list_installed_packages List installed Termux packages (dpkg). Read list_notifications List active notifications. Read list_running_apps List running processes with CPU/memory usage. Read list_sms List SMS. Types: inbox/sent/draft/all. Read read_file Read a text file (up to 10MB, auto-detects encoding). Read read_sensor Read data from a sensor. Read scan_wifi Scan nearby WiFi networks (requires location permission). Read search_files search_files Read search_files_tree 🌳 树状搜索结果:以目录树形式展示匹配的文件(替代扁平列表)。 Read shizuku_status 查看 Shizuku 的运行状态:App 进程、shizuku_server 守护进程、rish 可用性。 Read watchdog_status 📊 查看 Shizuku Watchdog 运行状态。 Read wifi_qr_code Generate a WiFi QR code string (WIFI:S:<SSID>;T:<type>;P:<password>;;).

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Android MCP Server

Can an AI agent move money through the Android MCP Server MCP server? +

Yes. The Android MCP Server server exposes 1 financial tools including send_sms. Without a policy, an autonomous agent can call these with no spend caps, no rate limits, and no approval flow. PolicyLayer lets you block financial tools by default, require human approval, or set per-tool rate limits — enforced on every call.

Can an AI agent delete data through the Android MCP Server MCP server? +

Yes. The Android MCP Server server exposes 3 destructive tools including clipboard_history_clear, file_delete, file_trash. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Android MCP Server? +

The Android MCP Server server has 7 write tools including clipboard, dir_create, edit_file. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Android MCP Server.

How many tools does the Android MCP Server MCP server expose? +

80 tools across 4 categories: Destructive, Execute, Read, Write. 45 are read-only. 35 can modify, create, or delete data.

How do I enforce a policy on Android MCP Server? +

Register the Android MCP Server MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Android MCP Server tool call.

Deterministic rules across all 80 Android MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

80 Android MCP Server tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.