zinja-coder

zinja-coder/jadx-ai-mcp

Java Apache-2.0 Security

Plugin for JADX to integrate MCP server

2.5k stars
232 forks
slow
GitHub +49 / week

2.5k

Stars

232

Forks

6

Open issues

5

Contributors

v6.4.0 28 May 2026

AI Analysis

JADX-AI-MCP is a specialized MCP (Model Context Protocol) server and JADX plugin designed for security professionals and reverse engineers to analyze Android APKs using LLMs like Claude. It automates vulnerability discovery, APK analysis, and reverse engineering workflows by bridging JADX decompilation with AI models—best suited for pentesting teams, security auditors, and mobile app researchers rather than general-purpose development.

Security Security Tool Discovery value: 6/10
Documentation 6/10
Activity 8/10
Community 8/10
Code quality 5/10

Inferred from signals mentioned in the README (tests, CI, type safety) — not a review of the actual code.

Overall score 7/10

AI's overall editorial judgment — not an average of the bars above, can weigh other factors too.

llm-integration mcp-server android-security reverse-engineering vulnerability-analysis
Actively maintained Popular Niche/specialized use case Apache-2.0 licensed Production ready
Deep Analysis · Based on README and public signals
2w ago

JADX plugin bridges Android reverse engineering and Claude via MCP protocol

JADX-AI-MCP is a plugin that integrates the JADX decompiler with Anthropic's Model Context Protocol (MCP), enabling Claude and other LLMs to analyze decompiled Android APKs in real time. It targets security researchers, malware analysts, and app developers who need AI-assisted code review and vulnerability detection during reverse engineering workflows. Adoption is not yet verified in production settings, but growing contributor and star activity suggest emerging use within the security tooling community.

Origin

Created in April 2025, JADX-AI-MCP emerged as part of the broader Zinja MCP Suite during a period of rapid MCP ecosystem expansion. It positions itself as a specialized adapter between JADX (the established Android decompiler) and Claude's LLM capabilities, rather than as a replacement for either.

Growth

The project gained 2,381 stars in approximately 13 months and has accumulated 224 forks, with 31 stars in the past 7 days (as of June 2026). This suggests sustained interest in the narrow intersection of Android reverse engineering and LLM-assisted code analysis. The presence of 17 named contributors and active maintenance (last push May 28, 2026) indicates a small but engaged team. Growth appears organic within the security/reverse-engineering niche rather than viral mainstream adoption.

In production

Adoption not verified. No case studies, production deployments, or end-user testimonials are documented in the README. The project is likely in early adoption among security tooling enthusiasts, but concrete evidence of production use at scale is absent. Star count and contributor growth suggest interest, but this does not confirm actual deployment in security operations centers or forensic labs.

Code analysis
Architecture

Based on the README, the project appears to follow a client-server architecture: a JADX plugin (Java) communicates via HTTP requests to a separate MCP server (implied Python 3.10+ from badges), which bridges to Claude through the MCP protocol. The high-level sequence diagram shows: LLM Client → MCP Server → HTTP to JADX Plugin → Request Handlers. This suggests modular design, though implementation details are not visible in the README.

Tests

Not documented in README. No testing framework, coverage percentage, or test suite mentioned.

Maintenance

Last push was May 28, 2026 (approximately 1 month before the current date of June 29, 2026), indicating active, recent maintenance. The presence of a ReadTheDocs documentation site and ongoing contributor activity suggests the project is actively maintained rather than dormant. However, commit frequency and velocity are not available; only the most recent push date can be confirmed.

Honest verdict

ADOPT IF: you are a security researcher or malware analyst already using JADX and want Claude's code analysis capabilities integrated into your workflow without custom scripting. AVOID IF: you need a turnkey solution without setting up an external MCP server, or if you require production-grade support and proven stability in security operations. MONITOR IF: you are building MCP-compatible reverse engineering tools and want to evaluate whether this project's approach to plugin integration becomes a pattern others replicate.

Independent dimensions

Mainstream potential

3/10

Technical importance

6/10

Adoption evidence

2/10

Risks
  • Adoption not verified in production — project may remain a proof-of-concept or enthusiast tool without crossing into mainstream security tooling.
  • Dependency on external MCP server adds deployment complexity; users must run and maintain both JADX and a separate Python server.
  • Reliance on Claude API calls introduces latency, cost, and external dependency; analysis cannot proceed without LLM connectivity.
  • Small contributor base (17 named contributors) may limit velocity and response to bugs compared to larger reverse-engineering projects.
  • Test coverage not documented; early-stage projects often lack robust testing, increasing risk of crashes or data corruption during analysis.
Prediction

JADX-AI-MCP will likely remain a specialized tool for security researchers and malware analysts who actively use JADX and value Claude's analytical capabilities. It may stabilize and mature over the next 2 years but is unlikely to reach mainstream adoption outside the reverse-engineering niche. The project may inspire similar MCP plugins for other decompilers (IDA, Ghidra) rather than becoming dominant itself.

0 found this helpful

Newsletter

Get analyses like this every Monday

Free weekly digest of the most interesting open-source discoveries.

Languages

Java
100%

Information

Language
Java
License
Apache-2.0
Last updated
1mo ago
Created
15mo ago
Analyzed with
anthropic/claude-haiku-4-5

Stars over time

Loading…

Contributors over time

Top 100 contributors only — repos with more will plateau at 100.

Loading…

Similar repos

mrexodia

mrexodia/ida-pro-mcp

An MCP (Model Context Protocol) server that integrates IDA Pro reverse...

10k Python Security
MCPJam

MCPJam/inspector

MCPJam Inspector is a testing and evaluation platform designed specifically for...

2.1k TypeScript Dev Tools
jgravelle

jgravelle/jcodemunch-mcp

jCodeMunch is an MCP server that uses tree-sitter AST parsing to enable...

2k Python Dev Tools
mcp-use

mcp-use/mcp-use

mcp-use is a fullstack framework for building MCP (Model Context Protocol)...

10.3k TypeScript AI & ML
mobile-next

mobile-next/mobile-mcp

Mobile MCP is a Model Context Protocol server that enables LLMs and agents to...

5.4k TypeScript Mobile
vs. alternatives
ida-pro-mcp

IDA Pro MCP (9,746 stars) targets the same LLM-assisted reverse engineering pattern but for the IDA Pro disassembler rather than JADX. Likely broader adoption due to IDA Pro's larger installed base in security consulting, but JADX-AI-MCP is free and open-source, lowering barrier to entry.

mobile-next/mobile-mcp

Mobile MCP (5,301 stars) appears broader in scope for mobile security; JADX-AI-MCP is narrower and JADX-specific, making it a deeper vertical fit for those already using JADX but lower reach overall.

jcodemunch-mcp

jcodemunch-mcp (1,955 stars) is similar in star count and also targets code analysis via MCP; unclear if it serves Android or broader use cases. Position and differentiation relative to JADX-AI-MCP are not obvious from metadata alone.

Raw JADX plugin ecosystem

JADX itself has plugins; building AI integration via MCP is novel versus traditional in-app plugins, offering LLM flexibility but requiring external server setup.

Claude integration via direct API

Users could call Claude directly on decompiled code; MCP adds standardization and tooling support, but adds complexity and potential latency versus direct API calls.