/ Directory / Playground / jadx-mcp-server
← All servers ↗ GitHub
● Community zinja-coder ⚡ Instant

jadx-mcp-server

by zinja-coder · zinja-coder/jadx-mcp-server

Python MCP server for JADX — enables AI assistants to analyze, search, rename, and debug decompiled Android APKs.

jadx-mcp-server is the Python MCP server component that bridges LLMs like Claude with a JADX instance running the jadx-ai-mcp plugin. It provides 25+ tools for Android APK analysis including class/method browsing, manifest inspection, string resource access, cross-reference lookup, variable renaming, and debugger integration. Supports both stdio and HTTP transport.

▶ Watch demo 📦 Install 💡 Use Cases

Why use it

Key features

Live Demo

What it looks like in practice

jadx-mcp-server.replay ▶ ready
0/0

Install

Pick your client

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "jadx-mcp-server": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/zinja-coder/jadx-mcp-server"
      ]
    }
  }
}

Open Claude Desktop → Settings → Developer → Edit Config. Restart after saving.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "jadx-mcp-server": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/zinja-coder/jadx-mcp-server"
      ]
    }
  }
}

Cursor uses the same mcpServers schema as Claude Desktop. Project config wins over global.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "jadx-mcp-server": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/zinja-coder/jadx-mcp-server"
      ]
    }
  }
}

Click the MCP Servers icon in the Cline sidebar, then "Edit Configuration".

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "jadx-mcp-server": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/zinja-coder/jadx-mcp-server"
      ]
    }
  }
}

Same shape as Claude Desktop. Restart Windsurf to pick up changes.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "jadx-mcp-server",
      "command": "TODO",
      "args": [
        "See README: https://github.com/zinja-coder/jadx-mcp-server"
      ]
    }
  ]
}

Continue uses an array of server objects rather than a map.

~/.config/zed/settings.json
{
  "context_servers": {
    "jadx-mcp-server": {
      "command": {
        "path": "TODO",
        "args": [
          "See README: https://github.com/zinja-coder/jadx-mcp-server"
        ]
      }
    }
  }
}

Add to context_servers. Zed hot-reloads on save.

claude mcp add jadx-mcp-server -- TODO 'See README: https://github.com/zinja-coder/jadx-mcp-server'

One-liner. Verify with claude mcp list. Remove with claude mcp remove.

Use Cases

Real-world ways to use jadx-mcp-server

How to perform a security audit on an Android APK with JADX MCP

👤 Security auditors reviewing Android applications they are authorized to test ⏱ ~60 min intermediate

When to use: You need to review an APK for security vulnerabilities.

Prerequisites
  • JADX with jadx-ai-mcp plugin running with target APK loaded — Install plugin and open the APK in JADX-GUI
  • jadx-mcp-server running — uv run jadx_mcp_server.py
Flow
  1. Check manifest for issues
    Get the AndroidManifest.xml. Check for exported components, dangerous permissions, and debug flags.✓ Copied
    → Security findings from manifest analysis
  2. Search for insecure patterns
    Search for classes that use SharedPreferences, Log.d, or hardcoded URLs. Are there any credentials stored in plain text?✓ Copied
    → List of potential security issues with code locations

Outcome: A security assessment report with specific code-level findings.

Pitfalls
  • ProGuard-obfuscated code is hard to follow — Use rename_variable and rename_class to deobfuscate as you analyze
Combine with: filesystem

Combinations

Pair with other MCPs for X10 leverage

jadx-mcp-server + filesystem

Save security findings and annotated code to report files

Compile all security findings into a report and save to ~/audits/app-audit.md.✓ Copied

Tools

What this MCP exposes

ToolInputsWhen to callCost
fetch_current_class none Get source code of the class selected in JADX 0
get_all_classes none List all classes in the APK 0
search_classes_by_keyword keyword: str Search for classes by keyword 0
get_android_manifest none Get the AndroidManifest.xml 0
xrefs_to_method class: str, method: str Find cross-references to a method 0
rename_variable class: str, old: str, new: str Rename a variable for deobfuscation 0

Cost & Limits

What this costs to run

API quota
N/A — fully local
Tokens per call
200–2000 tokens per tool call
Monetary
Free
Tip
Use search before fetching full class sources to minimize output.

Security

Permissions, secrets, blast radius

Credential storage: N/A
Data egress: All analysis is local

Troubleshooting

Common errors and fixes

Server can't connect to JADX

Ensure JADX-GUI is running with the jadx-ai-mcp plugin enabled and an APK is loaded.

Verify: Check JADX-GUI for the plugin status indicator
uv not found

Install the uv package manager: curl -LsSf https://astral.sh/uv/install.sh | sh

Verify: uv --version
Empty class list

Make sure an APK file is actually loaded in JADX before connecting.

Verify: Open an APK in JADX-GUI first

Alternatives

jadx-mcp-server vs others

AlternativeWhen to use it insteadTradeoff
jadx-ai-mcp (plugin)You want the complete plugin+server setup as a single packageThis is the server component — you need both the plugin and server

More

Resources

📖 Read the official README on GitHub

🐙 Browse open issues

🔍 Browse all 400+ MCP servers and Skills