JADX AI MCP

JADX decompiler plugin that exposes 28 MCP tools for AI-assisted Android APK reverse engineering. Enables LLMs to decompile, search, cross-reference, refactor, and analyze Android applications in real-time through the JADX GUI, including vulnerability detection, manifest analysis, resource inspection, and debugging integration.

Evaluated Mar 06, 2026 (0d ago) vunknown
Homepage ↗ Repo ↗ Security mcp jadx android apk decompiler reverse-engineering security-analysis smali vulnerability-detection malware-analysis
⚙ Agent Friendliness
65
/ 100
Can an agent use this?
🔒 Security
70
/ 100
Is it safe for agents?
⚡ Reliability
64
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
72
Documentation
65
Error Messages
45
Auth Simplicity
68
Rate Limits
55

🔒 Security

TLS Enforcement
80
Auth Strength
75
Scope Granularity
60
Dep. Hygiene
70
Secret Handling
65

Community/specialized tool. Apply standard security practices for category. Review documentation for specific security requirements.

⚡ Reliability

Uptime/SLA
70
Version Stability
65
Breaking Changes
60
Error Recovery
60
AF Security Reliability

Best When

You are performing Android APK reverse engineering or security analysis in JADX and want an AI assistant to help navigate, analyze, and annotate decompiled code in real-time.

Avoid When

You are not doing Android reverse engineering, need headless/automated scanning without JADX GUI, or are working on non-Android platforms.

Use Cases

  • AI-assisted Android malware analysis and reverse engineering
  • Automated vulnerability scanning of decompiled APK code for hardcoded secrets and insecure APIs
  • Cross-referencing methods, classes, and fields across large Android codebases
  • AI-guided code refactoring and renaming in decompiled Android apps
  • Analyzing AndroidManifest.xml and app resources with LLM assistance
  • Debugging Android applications with AI reading stack frames and variables

Not For

  • Non-Android reverse engineering (iOS, desktop, web)
  • Static analysis without JADX GUI running
  • Automated CI/CD security scanning pipelines
  • Users without reverse engineering or security analysis needs

Interface

REST API
No
GraphQL
No
gRPC
No
MCP Server
Yes
SDK
No
Webhooks
No

Authentication

OAuth: No Scopes: No

No authentication required. Communicates locally between the JADX plugin and the Python MCP server via stdio or HTTP.

Pricing

Model: open_source
Free tier: Yes
Requires CC: No

Fully open source under Apache 2.0 license.

Agent Metadata

Pagination
offset
Idempotent
Partial
Retry Guidance
Not documented

Known Gotchas

  • Requires JADX GUI running with plugin installed - not a standalone tool
  • Two-component setup: Java plugin in JADX plus Python MCP server with uv
  • Requires Java 11+ and Python 3.10+ with uv package manager
  • Rename/refactoring operations modify decompiled state and cannot be easily undone
  • Large APKs may produce extensive class lists that overwhelm LLM context windows
  • HTTP mode is optional; default stdio mode requires careful process management

Alternatives

apktool-mcp-server ghidra-mcp

Full Evaluation Report

Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for JADX AI MCP.

$99
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-06.

5220
Packages Evaluated
26151
Need Evaluation
173
Need Re-evaluation
Community Powered