How do I install MobSF MCP Tool?

Install MobSF MCP Tool with a single command: npx mdskills install pullkitsan/mobsf-mcp-server. This downloads the skill files into your project and your AI agent picks them up automatically.

What platforms support MobSF MCP Tool?

MobSF MCP Tool works with Claude Code, Claude Desktop, Cursor, Vscode Copilot, Windsurf, Continue Dev, Gemini Cli, Amp, Roo Code, Goose. Skills use the open SKILL.md format which is compatible with any AI coding agent that reads markdown instructions.

← Back to MCP servers

MobSF MCP Tool

Name: MobSF MCP Tool: AI Agent Skill
Rating: 6 (1 reviews)
Author: pullkitsan

MCP ServerIntermediate

This is an MCP (Model Context Protocol) compatible tool that allows MobSF (Mobile Security Framework) to scan APK and IPA files directly via Claude, 5ire, or any MCP-capable client. MobSF should be installed( and running ) on the system. Download the MCP typescript sdk and rename the folder to sdk. npm should be installed on the system - Supports APK and IPA file scanning - Uses MobSF's REST API t

by @pullkitsan0Updated 1 weeks ago

Add this skill

npx mdskills install pullkitsan/mobsf-mcp-server

Fork & Edit

Skill Advisor6.0

MCP server for mobile app security scanning via MobSF with APK/IPA analysis

+Integrates useful mobile security scanning capabilities through MobSF REST API
+Includes configuration examples for multiple MCP clients (Claude, 5ire)
+Intelligently filters large result fields to prevent response overload
-Manual SDK setup requirement is awkward and non-standard for npm packages
-Missing technical details about tool parameters and expected response format

SKILL.md

Edit in Browser

1# 🛡MobSF MCP Tool
2 
3This is an MCP (Model Context Protocol) compatible tool that allows MobSF (Mobile Security Framework) to scan APK and IPA files directly via Claude, 5ire, or any MCP-capable client.
4 
5 
6 
7# Prerequisites
8 
9* MobSF should be installed( and running ) on the system. 
10* Download the [MCP typescript sdk](https://github.com/modelcontextprotocol/typescript-sdk) and rename the folder to sdk.
11* npm should be installed on the system
12 
13# 🚀 Features
14 
15- Supports APK and IPA file scanning
16 
17- Uses MobSF's REST API to:
18 
19<pre>Upload files
20 
21Trigger scans
22 
23Fetch analysis summary
24 
25Automatically filters large results like strings or secrets (to prevent output overload)
26 
27MCP-compatible interface via server.ts</pre>
28 
29 
30# 🎞️ Installation
31 
32Clone the repo and install dependencies:
33 
34<pre>git clone https://github.com/yourusername/mobsf-mcp.git
35cd mobsf-mcp
36npm install </pre>
37 
38# Troubleshooting
39 
40Go inside mobsf server directory and run 'npx tsx server.ts'.
41Install any missing npm dependency if any.
42 
43 
44# 🔐 Setup
45 
46Copy the .env.example to .env:
47 
48> cp .env.example .env
49 
50Edit .env to include your MobSF API key:
51 
52<pre>MOBSF_API_KEY=YOUR_MOBSF_API_KEY
53 
54MOBSF_URL=http://localhost:8000 </pre>
55 
56 
57# ▶️ Run the Server
58 
59* Add the configuration settings shown at the end for claude AI desktop app, it will automatically run the server.
60 
61* Make sure your MobSF server is running locally at http://localhost:8000.
62 
63# 🧲 Example Input
64 
65* The server exposes tool **scanFile** . So,  use any MCP client to try the following prompt **scan <FILE>.apk** or **scan <FILE>.ipa**. It will scan the IPA or APK file and will analyze the report(json) for you.  
66 
67 
68# 📌 Notes
69 
70- Only .apk and .ipa file types are supported.
71 
72- This tool avoids fetching large fields like raw strings or source code dumps to keep responses fast and compliant with Claude/5ire message limits.
73 
74 
75# ✅ Claude Config file (Example)
76 
77<pre> {
78  "mcpServers": {
79    "mobsf": {
80      "command": "npx",
81      "args": ["tsx", "/absolute/path/to/server.ts"]
82    }
83  }
84} </pre>
85 
86# ✅ 5ire Config file example ( Windows)
87<pre>
88  {
89  "key": "mobsf",
90  "command": "npx",
91  "args": [
92    "tsx",
93    "C:\\Users\\Downloads\\mobsf-mcp-server\\server.js"
94  ]
95}
96</pre>
97 
98

Full transparency — inspect the skill content before installing.