This is an MCP (Model Context Protocol) compatible tool that allows MobSF (Mobile Security Framework) to scan APK and IPA files directly via Claude, 5ire, or any MCP-capable client.
- MobSF should be installed (and running) on the system.
- Download the MCP TypeScript SDK and rename the folder to sdk.
- npm should be installed on the system.
- Supports APK and IPA file scanning
- Uses MobSF's REST API to:
  - Upload files
  - Trigger scans
  - Fetch analysis summary
- Automatically filters large results like strings or secrets (to prevent output overload)
- MCP-compatible interface via server.ts
Clone the repo and install dependencies:

```bash
git clone https://github.com/yourusername/mobsf-mcp.git
cd mobsf-mcp
npm install
```

Go into the MobSF server directory and run 'npx tsx server.ts'. Install any npm dependencies that are reported missing.
Copy the .env.example to .env:

```bash
cp .env.example .env
```

Edit .env to include your MobSF API key:

```
MOBSF_API_KEY=YOUR_MOBSF_API_KEY
MOBSF_URL=http://localhost:8000
```
- Add the configuration settings shown at the end to the Claude desktop app; it will then run the server automatically.
- Make sure your MobSF server is running locally at http://localhost:8000.
- The server exposes the tool scanFile, so use any MCP client to try the following prompt: scan .apk or scan .ipa. It will scan the IPA or APK file and analyze the JSON report for you.
- Only .apk and .ipa file types are supported.
- This tool avoids fetching large fields like raw strings or source code dumps to keep responses fast and compliant with Claude/5ire message limits.
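
The two guards described above (the .apk/.ipa allow-list and the dropping of oversized report fields), sketched as an added example that is not the project's server.ts. The key names in HEAVY_KEYS, the size cap, the function names and the sample report are assumptions made for illustration.

```typescript
// Added example, not the project's server.ts.
type Report = Record<string, unknown>;

const ALLOWED_EXTENSIONS = [".apk", ".ipa"];
// Assumed names of bulky report fields; adjust to the report you actually receive.
const HEAVY_KEYS = new Set(["strings", "secrets", "files", "source"]);
const MAX_FIELD_CHARS = 2000; // assumed cap on a field's serialized size

// Accept only .apk/.ipa, case-insensitively, judged on the final path component
// so that "app.apk.exe" or a bare ".apk" is rejected before any upload happens.
function isSupportedUpload(filePath: string): boolean {
  const name = filePath.split(/[\\/]/).pop() ?? "";
  const dot = name.lastIndexOf(".");
  if (dot <= 0) return false; // no extension, or a dotfile such as ".apk"
  return ALLOWED_EXTENSIONS.includes(name.slice(dot).toLowerCase());
}

// Copy the report without heavy fields and record which keys were dropped,
// so the client can tell the user that the summary is partial.
function filterReport(report: Report): { summary: Report; omitted: string[] } {
  const summary: Report = {};
  const omitted: string[] = [];
  for (const [key, value] of Object.entries(report)) {
    const size = JSON.stringify(value ?? null).length;
    if (HEAVY_KEYS.has(key) || size > MAX_FIELD_CHARS) {
      omitted.push(key);
    } else {
      summary[key] = value;
    }
  }
  return { summary, omitted };
}

// Constructed sample report (not real MobSF output).
const sampleReport: Report = {
  app_name: "DemoApp",
  package_name: "com.example.demo",
  security_score: 42,
  strings: ["a", "b"],
  secrets: ["k=v"],
  code_analysis: { findings: "x".repeat(5000) },
};

const filtered = filterReport(sampleReport);
console.log(Object.keys(filtered.summary), "omitted:", filtered.omitted);
```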
```json
{
  "mcpServers": {
    "mobsf": {
      "command": "npx",
      "args": ["tsx", "/absolute/path/to/server.ts"]
    }
  }
}
```

```json
{
  "key": "mobsf",
  "command": "npx",
  "args": [
    "tsx",
    "C:\\Users\\Downloads\\mobsf-mcp-server\\server.js"
  ]
}
```