jadx-daemon-mcp
Verified Safe
by wrlu
Overview
Provides a daemon service for Jadx decompiler to analyze Android applications (APKs, DEX files) and their components programmatically via an HTTP API.
Installation
python3 jadx-daemon-mcp/server.py
Environment Variables
- JADX_DAEMON_MCP_HOST
- JADX_DAEMON_MCP_PORT
Security Notes
The Java server listens on 'localhost' by default, which is good for security, but it can be configured to listen on other interfaces via `JADX_DAEMON_MCP_HOST`. User-provided `filePath` and `dirPath` parameters are used to create `File` objects directly. Checks for existence and file/directory type are performed, but beyond that the server relies on Jadx itself to safely handle potentially malicious paths (e.g., path traversal attempts, if Jadx were vulnerable to reading arbitrary system files, though Jadx is designed for specific archive/binary types). There are no apparent direct command injection vulnerabilities from user input. The `preprocess_manifest` function in `server.py` attempts to sanitize XML from the Java backend to prevent parsing errors; this indicates robust handling and does not introduce new security risks.
Similar Servers
jadx-ai-mcp
Facilitates AI-powered analysis of Android APKs within JADX for vulnerability assessment and reverse engineering via Model Context Protocol (MCP).
jadx-mcp-server
Provides an MCP server for LLMs to perform automated Android APK reverse engineering, vulnerability analysis, and manifest parsing by interacting with a JADX-AI-MCP plugin.
kom
Manages Kubernetes clusters and resources, providing an SDK-level wrapper for kubectl/client-go with Multi-Cluster Proxy (MCP) server capabilities.
easy-code-reader
Provides a Model Context Protocol (MCP) server for AI assistants to intelligently read Java source code from local projects and Maven dependencies, supporting decompilation and multi-module analysis.