JADX MCP Server

JADX MCP server enabling AI agents to interact with JADX — the leading Android APK and Java decompiler — querying decompiled Java/Kotlin source code from Android apps, searching class structures and method implementations, and integrating JADX's decompilation capabilities into agent-driven Android reverse engineering and mobile security research workflows.

Evaluated Mar 06, 2026 (0d ago) vcurrent
Homepage ↗ Repo ↗ Developer Tools jadx android decompiler mcp-server reverse-engineering apk java-decompiler
⚙ Agent Friendliness
75
/ 100
Can an agent use this?
🔒 Security
77
/ 100
Is it safe for agents?
⚡ Reliability
68
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
68
Documentation
70
Error Messages
67
Auth Simplicity
95
Rate Limits
88

🔒 Security

TLS Enforcement
80
Auth Strength
75
Scope Granularity
72
Dep. Hygiene
70
Secret Handling
88

Local JADX instance. No credentials. Community MCP (reputable author). Analyze APKs in isolated environment.

⚡ Reliability

Uptime/SLA
70
Version Stability
68
Breaking Changes
68
Error Recovery
65
AF Security Reliability

Best When

A mobile security researcher needs AI-assisted Android app analysis — querying JADX-decompiled code to understand app behavior, find vulnerabilities, or analyze malware.

Avoid When

You're analyzing iOS apps, native ARM code, or working on non-Android targets.

Use Cases

  • Querying decompiled Android app source code from mobile security agents
  • Searching for specific methods or classes in APK decompilations from RE agents
  • Analyzing Android malware behavior from threat intelligence agents
  • Understanding third-party Android SDK implementations from integration agents
  • Auditing Android app security from mobile security assessment agents
  • Researching Android app APIs and data flows from privacy research agents

Not For

  • iOS app analysis (JADX is Android/Java/Kotlin only; use Ghidra for iOS)
  • Teams without JADX installed locally
  • Native code analysis (JADX handles Java bytecode, not native .so files)

Interface

REST API
No
GraphQL
No
gRPC
No
MCP Server
Yes
SDK
Yes
Webhooks
No
OpenAPI Spec ↗

Authentication

Methods: none
OAuth: No Scopes: No

No authentication — connects to JADX local server. JADX must be running with server mode enabled. Local process communication only.

Pricing

Model: free
Free tier: Yes
Requires CC: No

JADX is free open source. MCP server from LaurieWired (mobile security researcher) is free. No licensing costs.

Agent Metadata

Pagination
none
Idempotent
Full
Retry Guidance
Not documented

Known Gotchas

  • JADX must be running in server mode with target APK loaded before MCP can query it
  • JADX decompilation quality varies — obfuscated apps produce hard-to-read output
  • APK must be decompiled before querying — initial decompilation can take several minutes for large apps
  • Class and method names may be obfuscated (a.b.c style) — agents need to handle this
  • MCP from LaurieWired — reputable mobile security researcher; smaller contributor base
  • Java/Kotlin decompiled code is approximate — may not be 100% correct for complex bytecode

Alternatives

ida-mcp-rs gdb-mcp-server ida-mcp-server

Full Evaluation Report

Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for JADX MCP Server.

$99
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-06.

5220
Packages Evaluated
26151
Need Evaluation
173
Need Re-evaluation
Community Powered