High-risk tools in Android MCP Server
15 of the 22 tools in Android MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
android_execute_commandExecuteExecute a generic ADB command with custom arguments. Allows agents to run any ADB command with their own parameters.
-
android_input_textExecuteInput text into the currently focused field on the Android device via ADB
-
android_launch_appExecuteLaunch an Android app by package name
-
android_send_key_eventExecuteSend a key event to the Android device (e.g., KEYEVENT_HOME, KEYEVENT_BACK, KEYEVENT_ENTER)
-
android_start_scrcpy_streamExecuteStart scrcpy streaming for continuous fast frame capture (requires scrcpy installed)
-
android_stop_scrcpy_streamExecuteStop scrcpy streaming
-
android_swipeExecutePerform a swipe gesture between two coordinates
-
android_touchExecuteSimulate a touch event at specific screen coordinates
-
android_uiautomator_clear_textExecuteClear text from a UI element by resource ID
-
android_uiautomator_clickExecuteClick on a UI element by resource ID using UIAutomator
-
android_uiautomator_double_clickExecutePerform a double click on a UI element by resource ID
-
android_uiautomator_long_clickExecutePerform a long click on a UI element by resource ID
-
android_uiautomator_scroll_in_elementExecuteScroll within a specific UI element
-
android_uiautomator_toggle_checkboxExecuteToggle a checkbox element by resource ID
-
android_uiautomator_waitExecuteWait for a UI element to appear by resource ID
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.