APK Security Guard MCP Suite

63 tools. 10 can modify or destroy data without limits.

3 destructive tools with no built-in limits. Policy required.

Last updated:

10 can modify or destroy data
53 read-only
63 tools total

Community server · catalogue entry verified 03/07/2026

How to control APK Security Guard MCP Suite ↓

What APK Security Guard MCP Suite exposes to your agents

Read (53) Write / Execute (7) Destructive / Financial (3)
Critical Risk

The most dangerous APK Security Guard MCP Suite tools

10 of APK Security Guard MCP Suite's 63 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control APK Security Guard MCP Suite

PolicyLayer is an MCP gateway — it sits between your AI agents and APK Security Guard MCP Suite, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "clean_flowdroid_workspace": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "modify_resource_file": {
    "limits": [
      {
        "counter": "modify_resource_file_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "check_connection": {
    "limits": [
      {
        "counter": "check_connection_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register APK Security Guard MCP Suite — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON APK SECURITY GUARD MCP SUITE →

Instant setup, no code required.

All 63 APK Security Guard MCP Suite tools

READ 53 tools
Read check_connection Check if the JEB plugin is running Read clean_project Clean a project directory to prepare for rebuilding. Read compareApps Compare scan results by two hashes. Read decode_apk Decode an APK file using APKTool Read find_leak_components_source Find exported components without permissions and get their source code path. Read find_leak_manifest Find exported components without permission restrictions in AndroidManifest.xml Read generatePdfReport Generate PDF security report by hash. Returns PDF as base64 string. Read get_apk_components ��ȡָ��APK�ļ�AndroidManifest.xml�������������Ĵ�����������ԣ����ؽṹ���б��� Read get_apk_info ��ȡָ��APK�ļ��Ļ�����Ϣ�������������汾�š���Activity�ȡ� Read get_apk_permissions ��ȡָ��APK�ļ�AndroidManifest.xml������������Ȩ�ޣ�����Ȩ���ַ����б��� Read get_apktool_yml Get apktool.yml information from a decoded APK project. Read get_class_decompiled_code get_class_decompiled_code Read get_class_hierarchy Returns the inheritance hierarchy of a class. Read get_class_references Returns all references to a specific class in the codebase. Read get_class_source Returns the full decompiled source code of a given class. Read get_exported_components ��ȡ����exported=true����ʽ����������������ԣ����ؽṹ���б��� Read get_field_details Returns detailed information about a field including type and modifiers. Read get_fields_of_class Returns all field names declared in the specified class. Read get_flowdroid_sinks Get taint sinks from FlowDroid analysis Read get_flowdroid_sources Get taint sources from FlowDroid analysis Read get_intent_filters ��ȡָ��APK�ļ����������Activity/Service/Receiver����intent-filter����action/category/data����Ϣ�����ؽṹ���б��� Read get_manifest Get the AndroidManifest.xml content from a decoded APK project. Read get_method_annotations Returns all annotations on a specific method. Read get_method_callers Get the callers of the given method in the APK file, the passed in method_signature needs to be a fully-qualif Read get_method_calls Returns all method calls made within a specific method. Read get_method_code Returns only the source code block of a specific method within a class. Read get_method_decompiled_code get_method_decompiled_code Read get_method_overrides Get the overrides of the given method in the APK file, the passed in method_signature needs to be a fully-qual Read get_method_signature Returns the full signature of a method including return type and parameters. Read get_methods_of_class Returns all method names declared in the specified class. Read get_resource_file Get content of a specific resource file. Read get_smali_file Get content of a specific smali file by class name. Read getJsonReport Generate and retrieve a comprehensive security analysis report in JSON format for a scanned mobile application Read getJsonReportSection Get a specific section of the MobSF JSON report by hash and section name. Read getJsonReportSections Get all top-level section names of the MobSF JSON report. Read getRecentScans Retrieve a list of recently performed security scans on the MobSF server, showing mobile applications that hav Read getScanLogs Retrieve detailed scan logs for a previously analyzed mobile application using its hash value. These logs cont Read getScanTasks Get scan tasks queue (async scan queue must be enabled). Read getScorecard Get MobSF Application Security Scorecard by hash. Read list_all_classes Returns a paginated list of class names. Read list_broadcast_receivers ��ȡ����BroadcastReceiver����intent-filter��Ϣ�����ؽṹ���б��� Read list_resources List resources in a project, optionally filtered by resource type. Read list_smali_directories List all smali directories in a project Read list_smali_files List smali files in a specific smali directory, optionally filtered by package prefix. Read listAllHashes Get all report MD5 hash values. Read listSuppressions View suppressions associated with a scan. Read ping Do a simple ping to check server is alive and running Read search_class_by_name Search for class names that contain the given query string (case-insensitive). Read search_in_files Search for a pattern in files specified extensions. Read search_method_by_name Searches for all methods matching the provided name. Read search_method_by_return_type Search methods by their return type. Read searchScanResult Search scan results by hash, app name, package name, or file name. Read viewSource View source files by hash, file path, and type.

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about APK Security Guard MCP Suite

Can an AI agent delete data through the APK Security Guard MCP Suite MCP server? +

Yes. The APK Security Guard MCP Suite server exposes 3 destructive tools including clean_flowdroid_workspace, deleteScan, deleteSuppression. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through APK Security Guard MCP Suite? +

The APK Security Guard MCP Suite server has 5 write tools including modify_resource_file, modify_smali_file, suppressByFiles. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach APK Security Guard MCP Suite.

How many tools does the APK Security Guard MCP Suite MCP server expose? +

63 tools across 4 categories: Destructive, Execute, Read, Write. 53 are read-only. 10 can modify, create, or delete data.

How do I enforce a policy on APK Security Guard MCP Suite? +

Register the APK Security Guard MCP Suite MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every APK Security Guard MCP Suite tool call.

Deterministic rules across all 63 APK Security Guard MCP Suite tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

63 APK Security Guard MCP Suite tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.