android-mcp

v0.2.0 suspicious
4.0
Medium Risk

Lightweight MCP Server for Android Operating System

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has low risks in terms of network calls, shell execution, obfuscation, and credential handling. However, it exhibits signs of low maintainer effort, raising suspicion about its legitimacy and potential maintenance issues.

  • Low maintainer effort
  • No clear red flags but still suspicious
Per-check LLM notes
  • Network: No network calls detected, which is normal and not indicative of malicious activity.
  • Shell: Shell execution patterns are used to interact with the Android Debug Bridge (ADB), suggesting legitimate functionality for managing Android devices.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package shows signs of low maintainer effort and could be suspicious, but lacks clear red flags like typosquatting or unusual domain usage.

📦 Package Quality Overall: Low (4.6/10)

○ Low Test Suite 1.0

No test suite detected

  • No test files or test-runner configuration detected
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (8228 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 29 type-annotated function signatures detected in source
✦ High Multiple Contributors 10.0

Active multi-contributor project

  • 8 unique contributor(s) across 49 commits in CursorTouch/Android-MCP
  • Active community — 5 or more distinct contributors

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 4.0

Found 2 shell execution pattern(s)

  • try: result = subprocess.run( ['adb', 'devices'], capture_output=True, te
  • try: result = subprocess.run( ['adb', 'connect', serial], capture_output=
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository CursorTouch/Android-MCP appears legitimate

Maintainer History score 6.0

3 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with android-mcp 
Your task is to create a simple yet powerful remote control application for Android devices using the 'android-mcp' package. This application will enable users to control their Android device from another computer or device over a network connection. The application should have the following core functionalities:

1. **Device Connection**: Users should be able to connect their Android device to the MCP server running on their computer. The application must handle both Wi-Fi and USB connections.
2. **Basic Controls**: Implement basic controls such as screen lock/unlock, volume up/down, home button press, etc.
3. **File Transfer**: Allow users to transfer files between the Android device and the computer. This includes both sending and receiving files.
4. **Notification Management**: Enable users to view and dismiss notifications on their Android device directly from the application.
5. **Battery Information**: Provide real-time battery status information including percentage, charging status, and time until full charge.
6. **Logging and Debugging**: Include a logging feature that captures all interactions between the client and the Android device for debugging purposes.
7. **Security Measures**: Ensure that the application has robust security measures in place, such as encryption for data transfer and authentication mechanisms for user access.

**Utilizing 'android-mcp' Package**:
- Use 'android-mcp' to establish the MCP server on the computer side and manage the connection to the Android device.
- Leverage the package's capabilities to send commands and receive responses efficiently.
- Explore the documentation of 'android-mcp' to understand its APIs and integrate them into your application for handling various functionalities.

Your goal is to create a user-friendly, efficient, and secure application that showcases the potential of the 'android-mcp' package. Make sure to document your code well and include comments explaining your implementation choices.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!