frida-c2-mcp
frida-c2-mcp (FridaC2MCP) is an MCP server that exposes Frida dynamic instrumentation over a networked, streamable HTTP transport. It is intended to run entirely on rooted Android and jailbroken iOS devices, translating MCP/HTTP requests into Frida operations such as process/application management, attaching sessions, and executing/injecting bundled JavaScript Frida scripts.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
High-risk remote instrumentation C2-style design. README disclaimer states communication is unencrypted and unauthenticated. No session management and no form of security are provided according to the documentation. Dependency hygiene cannot be fully verified from the provided content; iOS includes many custom-built components, which increases supply-chain/patch-management considerations.
⚡ Reliability
Best When
Used on isolated networks for proof-of-concept experimentation, where the operator controls the device and network and understands the risks of exposing instrumentation capabilities over HTTP.
Avoid When
Avoid on public/shared networks or any environment where untrusted parties might reach the device endpoint; avoid if you need encryption/authentication, strong auditability, or stable session semantics.
Use Cases
- • Agent-driven mobile security testing and automated dynamic instrumentation on-device
- • Remote orchestration of Frida sessions via MCP-compatible clients (e.g., Gemini CLI / Claude Code)
- • Attaching to running mobile processes and injecting hooks/scripts remotely
- • Multi-device automated workflows for instrumentation and analysis
Not For
- • Production use on shared/public networks
- • Environments requiring secure remote access or strong authentication
- • Use cases that disallow rooting/jailbreaking or dynamic code instrumentation
- • Workflows that need robust session management and safe multi-tenant isolation
Interface
Authentication
README/disclaimer indicates lack of any form of security for communication: unencrypted and unauthenticated. No auth methods or scope model are documented.
Pricing
Open-source project; pricing not applicable.
Agent Metadata
Known Gotchas
- ⚠ Designed as a proof-of-concept; README explicitly mentions lack of proper session management and graceful error handling.
- ⚠ Network-exposed instrumentation endpoint may require isolated network conditions and careful client-side throttling.
- ⚠ iOS build details suggest non-trivial on-device dependencies; environment mismatches may cause operational issues.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for frida-c2-mcp.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-30.