High-risk tools in Ultimate Android MCP
11 of the 35 tools in Ultimate Android MCP are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
execute_adb_shellExecuteExecutes a raw ADB shell command on the connected Android device and returns the output. Requires the `command` parameter, which is the shell command to execute.
-
launch_appExecuteLaunches the app with the specified package name on the connected Android device. Requires the `package_name` parameter, which is the package name of the app to be launched.
-
input_backExecuteSimulates a back button event on the connected Android device. No parameters are required.
-
input_homeExecuteSimulates a home button event on the connected Android device. No parameters are required.
-
input_keyeventExecuteSimulates a key event with the specified keycode on the connected Android device. Requires the `keycode` parameter, which is the keycode of the key to simulate.
-
input_rollExecuteSimulates a rolling gesture with the specified dx and dy values on the connected Android device. Requires `dx` and `dy` parameters, which are the rolling distances in the x and ...
-
input_textExecuteSimulates typing the given text input into the currently focused field on the connected Android device. Requires the `text` parameter, which is the string to be typed.
-
input_pressExecuteSimulates a key press event with the specified keycode on the connected Android device. Requires the `keycode` parameter, which is the keycode of the key to press.
-
input_swipeExecuteSimulates a swipe gesture from (x1, y1) to (x2, y2) with an optional duration on the connected Android device. Requires `x1`, `y1`, `x2`, `y2` parameters for the start and end c...
-
input_tapExecuteSimulates a tap gesture at the specified (x, y) coordinates on the connected Android device screen. Requires `x` and `y` parameters, which are the coordinates of the tap.
-
install_apkExecuteInstalls an APK on the connected Android device. Requires the `apk_path` parameter, which is the path to the APK file to be installed.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.