High-risk tools in AndroJack MCP
6 of the 22 tools in AndroJack MCP are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
android_build_and_publishExecute 3/5Complete Android build pipeline and Play Store publishing reference. Covers: R8/ProGuard configuration (keep rules, shrink, obfuscate, mapping.txt recovery), Gradle Version Cata...
-
android_code_validatorExecute 5/5CALL THIS AFTER GENERATING EVERY ANDROID CODE BLOCK. This is the Level 3 loop-back gate: validates AI-generated Kotlin, XML, and Gradle code against 24 Android-specific rules be...
-
android_scalability_guideExecute 3/5Architecture patterns for Android apps serving millions to billions of users. Covers: Paging 3 with RemoteMediator (infinite lists without OOM), offline-first sync with WorkMana...
-
android_wearos_guideExecute 3/5Wear OS development reference — Wear OS 5 (API 35), Material 3 Expressive for Wear (stable Aug 2025). CRITICAL: Wear OS uses DIFFERENT Compose dependencies than phone apps. AI t...
-
android_xr_guideExecute 3/5Android XR SDK reference (Developer Preview 3, December 2025). Samsung Galaxy XR launched October 2025. 5+ XR devices expected in 2026. Standard Compose apps run as 2D panels on...
-
gradle_dependency_checkerExecute 4/5Live version lookup for any Android, Kotlin, or Jetpack library from Google Maven and Maven Central. ALWAYS call this before adding or updating any dependency in build.gradle.kt...
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.
More on AndroJack MCP
Enforce policy on AndroJack MCP
One command generates a policy scaffold for every server in your MCP config.
npx -y @policylayer/intercept init