android-mcp-server

v0.1.1 suspicious
4.0
Medium Risk

MCP Server for Android device control via ADB and scrcpy

πŸ€– AI Analysis

Final verdict: SUSPICIOUS

The package exhibits some signs of potential risk, particularly concerning shell execution and metadata quality. However, these factors alone do not definitively indicate malicious intent.

  • Shell risk due to un-sanitized 'adb' command usage
  • Poor metadata quality suggesting low maintainer activity
Per-check LLM notes
  • Network: No network calls detected, which is normal if the package does not require internet access.
  • Shell: The use of shell execution to run 'adb' commands suggests interaction with Android devices, but it may indicate potential risk if the commands are not properly sanitized or if there's unexpected behavior.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package shows signs of low maintainer activity and poor metadata quality, raising suspicion but not definitive proof of malice.

πŸ“¦ Package Quality Overall: Medium (5.2/10)

✦ High Test Suite 9.0

Test suite present β€” 4 test file(s) found

  • 4 test file(s) detected (e.g. test_client.py)
β—ˆ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (3540 chars)
β—‹ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
β—ˆ Medium Type Annotations 5.0

Partial type annotation coverage

  • 78 type-annotated function signatures detected in source
β—ˆ Medium Multiple Contributors 5.0

Limited contributor diversity

  • 1 unique contributor(s) across 33 commits in chldu2000/android-mcp-server
  • Single author but highly active (33 commits)

πŸ”¬ Heuristic Checks

βœ“ Outbound Network Calls

No suspicious network call patterns found

βœ“ Code Obfuscation

No obfuscation patterns detected

⚠ Shell / Subprocess Execution score 8.0

Found 4 shell execution pattern(s)

  • try: result = subprocess.run(cmd, capture_output=True, text=True) except FileNotF
  • try: result = subprocess.run(cmd, capture_output=True) except FileNotFoundError:
  • ] self._process = subprocess.Popen( cmd, stdout=subprocess.PIPE,
  • ile path. """ subprocess.run( ["adb", "-s", serial, "shell", "screencap", "-p
βœ“ Credential Harvesting

No credential harvesting patterns detected

βœ“ Typosquatting

No typosquatting candidates detected

βœ“ Registered Email Domain

No author email provided

βœ“ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
⚠ Maintainer History score 6.0

3 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
βœ“ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

πŸ’‘ AI App Starter Prompt

Use this prompt to build a project with android-mcp-server 
Create a Python-based remote control application named 'RemoteADBController' that leverages the 'android-mcp-server' package to provide a user-friendly interface for controlling Android devices over a network. This application will enable users to perform various operations on their Android devices such as screen mirroring, sending commands, and executing shell scripts remotely. Here’s a detailed breakdown of the steps and features you need to implement:

1. **Setup**: Begin by installing the 'android-mcp-server' package using pip. Ensure your environment has Python 3.x installed.
2. **Server Configuration**: Set up a server component using 'android-mcp-server' which listens for incoming connections from client applications. This server should support multiple simultaneous connections.
3. **Client Interface**: Develop a simple GUI using Tkinter that allows users to connect to the server, input commands, and view responses in real-time.
4. **Screen Mirroring**: Implement functionality within the application to start and stop screen mirroring sessions between the Android device and the user's computer using the scrcpy tool integrated into 'android-mcp-server'.
5. **Command Execution**: Allow users to send custom ADB commands to their Android device through the application. These commands could include actions like taking screenshots, installing/uninstalling apps, and more.
6. **Shell Scripts**: Enable users to upload and execute shell scripts directly on the Android device via the server connection.
7. **Connection Management**: Provide options within the GUI to manage active connections, including disconnecting from a device when needed.
8. **Logging**: Integrate logging capabilities to track all activities performed through the application, storing logs locally for future reference.
9. **Security Measures**: Since this application will handle sensitive data, ensure to implement basic security measures such as encrypted communication between the client and server.

This project aims to create a versatile tool for developers and enthusiasts who wish to automate tasks on their Android devices without needing direct physical access.

πŸ’¬ Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!