MCP server for static security analysis of Android source code
MCP server for static security analysis of Android application source code. Runs on Cloudflare Workers as a remote MCP server over Streamable HTTP. Analyzes Android project source files — without building the project — and returns a structured security report. The analysis covers: Manifest analysis — exported components, dangerous permissions, cleartext traffic, debug flags, backup settings, SDK…
Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.
MCP server for static security analysis of Android application source code. Runs on Cloudflare Workers as a remote MCP server over Streamable HTTP. Analyzes Android project source files — without building the project — and returns a structured security report. The analysis covers: Manifest analysis — exported components, dangerous permissions, cleartext traffic, debug flags, backup settings, SDK versions Gradle/build config — release build misconfigurations, outdated SDKs, suspicious…