Claude meets APK: an AI pair-hacker for Android reverse engineering
A JADX plugin that wires the decompiler into LLMs via MCP so you can ask Claude to hunt bugs, rename obfuscated classes, and debug smali without leaving the GUI.

What it does
JADX-AI-MCP is a two-part bridge: a Java plugin for the JADX decompiler and a Python MCP server. Together they expose the guts of an Android APK—classes, methods, smali, manifest, resources, even debugger state—as tools that any MCP-compatible LLM can call. You point Claude (or another client) at a decompiled app and ask it to find hardcoded secrets, trace xrefs, or suggest renames. The LLM invokes tools over HTTP; the plugin translates those into JADX GUI actions and ships structured results back.
The interesting bit
The project treats the decompiler as a live database rather than a static viewer. Twenty-five MCP tools cover everything from fetch_current_class() to debug_get_stack_frames(), with paginated search and cross-reference lookups. That granularity matters: instead of dumping the whole APK into context and praying the model stays coherent, the LLM pulls exactly what it needs, when it needs it.
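The pull-on-demand pattern described above, as an added example that is not the project's code. The tool names `search_classes` and `get_class_source`, the response fields, and the class index are hypothetical and constructed for illustration; they are not JADX-AI-MCP's actual API.

```python
import json

# Constructed sample: a tiny "decompiled APK" index (class name -> source).
# Class names and contents are made up for this example.
CLASSES = {
    f"com.example.app.a.C{i}": f"class C{i} {{ void m() {{ /* filler {i} */ }} }}"
    for i in range(40)
}
CLASSES["com.example.app.net.ApiClient"] = (
    'class ApiClient { static final String KEY = "CONSTRUCTED-SAMPLE-KEY"; }'
)

def search_classes(keyword, offset=0, count=5):
    """Hypothetical paginated tool: names of classes whose source contains keyword."""
    hits = sorted(n for n, src in CLASSES.items() if keyword in src)
    end = offset + count
    return {"items": hits[offset:end], "total": len(hits),
            "next_offset": end if end < len(hits) else None}

def get_class_source(name):
    """Hypothetical tool: source of a single class."""
    return {"name": name, "source": CLASSES[name]}

def pull_on_demand(keyword, wanted):
    """Walk result pages, fetching one class at a time, until `wanted` is seen.

    Returns (class name or None, characters of tool output consumed)."""
    moved, offset = 0, 0
    while offset is not None:
        page = search_classes(keyword, offset)
        moved += len(json.dumps(page))
        for name in page["items"]:
            res = get_class_source(name)
            moved += len(json.dumps(res))
            if wanted in res["source"]:
                return name, moved
        offset = page["next_offset"]
    return None, moved

def dump_everything():
    """Baseline: serialise the whole index into the model's context at once."""
    return len(json.dumps(CLASSES))

if __name__ == "__main__":
    print(pull_on_demand("static final String", "KEY"), dump_everything())
```

A narrow query costs a few hundred characters of tool output, while a query that matches nearly every class pages through the whole index and ends up costing more than the dump, so the saving depends on how selective the search is.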
Key highlights
- Dual install: grab a JAR for JADX and a Python zip for the MCP server; both are required.
- Debugger integration: the LLM can inspect live stack frames, threads, and variables during APK debugging.
- Refactoring tools: rename classes, methods, fields, packages, and variables programmatically via AI prompts.
- Resource and manifest access: pull AndroidManifest.xml, strings.xml, or arbitrary resource files without manual navigation.
- Sample prompt library included: from “deobfuscate this class” to “does this leak PII?”
Caveats
- The README notes the project is “still in early stage of development, so expects bugs, crashes and logical errors.”
- Setup is split across two repositories and two runtimes (Java 11+, Python 3.10+), so friction is non-zero.
Verdict
Mobile security researchers and reverse engineers already living in JADX will get the most mileage. If you just need to peek at an APK once, the installation overhead probably isn’t worth it.