High-risk tools in Scrcpy
9 of the 38 tools in Scrcpy are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
app_startExecute 3/5Launch an app on the device. Uses scrcpy START_APP when a session is active for faster launch, falls back to ADB `am start`. Supports force-stop prefix (+) to stop the app befor...
-
app_stopExecute 3/5Force-stop an app on the device.
-
screen_record_startExecute 3/5Start recording the screen. Recording continues until screen_record_stop is called.
-
screen_record_stopExecute 3/5Stop screen recording and optionally pull the file to the host.
-
shell_execExecute 4/5Execute an arbitrary ADB shell command on the device and return the output. Use this for any device operation not covered by other tools.
-
start_sessionExecute 3/5Start a scrcpy session for fast input control and screenshots. When a session is active, tap/swipe/text/screenshot are 10-50x faster. Requires scrcpy-server to be installed.
-
start_video_streamExecute 3/5Start an HTTP MJPEG video stream of the device screen. Opens a native ffplay window that connects to the stream URL. Requires an active scrcpy session.
-
stop_sessionExecute 3/5Stop the active scrcpy session. Tools will fall back to ADB commands.
-
stop_video_streamExecute 3/5Stop the HTTP MJPEG video stream and close the viewer window for a device.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.
More on Scrcpy
Enforce policy on Scrcpy
One command generates a policy scaffold for every server in your MCP config.
npx -y @policylayer/intercept init