Plugin for JADX to integrate MCP server
2.5k
Stars
232
Forks
6
Open issues
5
Contributors
AI Analysis
JADX-AI-MCP is a specialized MCP (Model Context Protocol) server and JADX plugin designed for security professionals and reverse engineers to analyze Android APKs using LLMs like Claude. It automates vulnerability discovery, APK analysis, and reverse engineering workflows by bridging JADX decompilation with AI models—best suited for pentesting teams, security auditors, and mobile app researchers rather than general-purpose development.
Inferred from signals mentioned in the README (tests, CI, type safety) — not a review of the actual code.
AI's overall editorial judgment — not an average of the bars above, can weigh other factors too.
JADX plugin bridges Android reverse engineering and Claude via MCP protocol
JADX-AI-MCP is a plugin that integrates the JADX decompiler with Anthropic's Model Context Protocol (MCP), enabling Claude and other LLMs to analyze decompiled Android APKs in real time. It targets security researchers, malware analysts, and app developers who need AI-assisted code review and vulnerability detection during reverse engineering workflows. Adoption is not yet verified in production settings, but growing contributor and star activity suggest emerging use within the security tooling community.
Created in April 2025, JADX-AI-MCP emerged as part of the broader Zinja MCP Suite during a period of rapid MCP ecosystem expansion. It positions itself as a specialized adapter between JADX (the established Android decompiler) and Claude's LLM capabilities, rather than as a replacement for either.
The project gained 2,381 stars in approximately 13 months and has accumulated 224 forks, with 31 stars in the past 7 days (as of June 2026). This suggests sustained interest in the narrow intersection of Android reverse engineering and LLM-assisted code analysis. The presence of 17 named contributors and active maintenance (last push May 28, 2026) indicates a small but engaged team. Growth appears organic within the security/reverse-engineering niche rather than viral mainstream adoption.
Adoption not verified. No case studies, production deployments, or end-user testimonials are documented in the README. The project is likely in early adoption among security tooling enthusiasts, but concrete evidence of production use at scale is absent. Star count and contributor growth suggest interest, but this does not confirm actual deployment in security operations centers or forensic labs.
Based on the README, the project appears to follow a client-server architecture: a JADX plugin (Java) communicates via HTTP requests to a separate MCP server (implied Python 3.10+ from badges), which bridges to Claude through the MCP protocol. The high-level sequence diagram shows: LLM Client → MCP Server → HTTP to JADX Plugin → Request Handlers. This suggests modular design, though implementation details are not visible in the README.
Not documented in README. No testing framework, coverage percentage, or test suite mentioned.
Last push was May 28, 2026 (approximately 1 month before the current date of June 29, 2026), indicating active, recent maintenance. The presence of a ReadTheDocs documentation site and ongoing contributor activity suggests the project is actively maintained rather than dormant. However, commit frequency and velocity are not available; only the most recent push date can be confirmed.
ADOPT IF: you are a security researcher or malware analyst already using JADX and want Claude's code analysis capabilities integrated into your workflow without custom scripting. AVOID IF: you need a turnkey solution without setting up an external MCP server, or if you require production-grade support and proven stability in security operations. MONITOR IF: you are building MCP-compatible reverse engineering tools and want to evaluate whether this project's approach to plugin integration becomes a pattern others replicate.
Independent dimensions
Mainstream potential
3/10
Technical importance
6/10
Adoption evidence
2/10
- Adoption not verified in production — project may remain a proof-of-concept or enthusiast tool without crossing into mainstream security tooling.
- Dependency on external MCP server adds deployment complexity; users must run and maintain both JADX and a separate Python server.
- Reliance on Claude API calls introduces latency, cost, and external dependency; analysis cannot proceed without LLM connectivity.
- Small contributor base (17 named contributors) may limit velocity and response to bugs compared to larger reverse-engineering projects.
- Test coverage not documented; early-stage projects often lack robust testing, increasing risk of crashes or data corruption during analysis.
JADX-AI-MCP will likely remain a specialized tool for security researchers and malware analysts who actively use JADX and value Claude's analytical capabilities. It may stabilize and mature over the next 2 years but is unlikely to reach mainstream adoption outside the reverse-engineering niche. The project may inspire similar MCP plugins for other decompilers (IDA, Ghidra) rather than becoming dominant itself.
Newsletter
Get analyses like this every Monday
Free weekly digest of the most interesting open-source discoveries.
Languages
Information
- Language
- Java
- License
- Apache-2.0
- Last updated
- 1mo ago
- Created
- 15mo ago
- Analyzed with
- anthropic/claude-haiku-4-5
Stars over time
Contributors over time
Top 100 contributors only — repos with more will plateau at 100.
Open issues
[BUG] Rename failed
[BUG] get_resource_file() 500 error
[BUG] codex cli 无法加载jadx mcp
[BUG] rename_method lacks class_name parameter — causes wrong-class renames on duplicate method names
[FEATURE] refactor and enhance tools
Open pull requests
No open pull requests.
Top contributors
Similar repos
| Repository | Stars | Week Δ | Language | Score | Updated |
|---|---|---|---|---|---|
|
|
2.5k | +49 | Java | 7/10 | 1mo ago |
|
|
10k | — | Python | 7/10 | 3w ago |
|
|
2.1k | — | TypeScript | 8/10 | 6h ago |
|
|
2k | — | Python | 8/10 | 17h ago |
|
|
10.3k | — | TypeScript | 8/10 | 12h ago |
|
|
5.4k | — | TypeScript | 8/10 | 1w ago |
IDA Pro MCP (9,746 stars) targets the same LLM-assisted reverse engineering pattern but for the IDA Pro disassembler rather than JADX. Likely broader adoption due to IDA Pro's larger installed base in security consulting, but JADX-AI-MCP is free and open-source, lowering barrier to entry.
Mobile MCP (5,301 stars) appears broader in scope for mobile security; JADX-AI-MCP is narrower and JADX-specific, making it a deeper vertical fit for those already using JADX but lower reach overall.
jcodemunch-mcp (1,955 stars) is similar in star count and also targets code analysis via MCP; unclear if it serves Android or broader use cases. Position and differentiation relative to JADX-AI-MCP are not obvious from metadata alone.
JADX itself has plugins; building AI integration via MCP is novel versus traditional in-app plugins, offering LLM flexibility but requiring external server setup.
Users could call Claude directly on decompiled code; MCP adds standardization and tooling support, but adds complexity and potential latency versus direct API calls.
