High-risk tools in Scrcpy
9 of the 38 tools in Scrcpy are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
app_startExecuteLaunch an app on the device. Uses scrcpy START_APP when a session is active for faster launch, falls back to ADB `am start`. Supports force-stop prefix (+) to stop the app befor...
-
app_stopExecuteForce-stop an app on the device.
-
screen_record_startExecuteStart recording the screen. Recording continues until screen_record_stop is called.
-
screen_record_stopExecuteStop screen recording and optionally pull the file to the host.
-
shell_execExecuteExecute an arbitrary ADB shell command on the device and return the output. Use this for any device operation not covered by other tools.
-
start_sessionExecuteStart a scrcpy session for fast input control and screenshots. When a session is active, tap/swipe/text/screenshot are 10-50x faster. Requires scrcpy-server to be installed.
-
start_video_streamExecuteStart an HTTP MJPEG video stream of the device screen. Opens a native ffplay window that connects to the stream URL. Requires an active scrcpy session.
-
stop_sessionExecuteStop the active scrcpy session. Tools will fall back to ADB commands.
-
stop_video_streamExecuteStop the HTTP MJPEG video stream and close the viewer window for a device.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.