Is io.github.mobile-next/mobile-mcp safe to use?

io.github.mobile-next/mobile-mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install io.github.mobile-next/mobile-mcp?

io.github.mobile-next/mobile-mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with io.github.mobile-next/mobile-mcp?

io.github.mobile-next/mobile-mcp is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio and sse and http transport.

Is io.github.mobile-next/mobile-mcp actively maintained?

io.github.mobile-next/mobile-mcp is actively maintained — last commit was 3 days ago. It has 4,423 GitHub stars.

io.github.mobile-next/mobile-mcp

MCP server for iOS and Android Mobile Development, Automation and Testing

ActiveNot tested

Other

★ 4.4k↓ 13.6k/wknpm GitHub

62BNo CVEsactive

Quick Install

{
  "mcpServers": {
    "mobile-mcp": {
      "args": [
        "-y",
        "@mobilenext/mobile-mcp@latest"
      ],
      "command": "npx"
    }
  }
}

Setup guide

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-mobile-next-mobile-mcp)](https://mcppedia.org/s/io-github-mobile-next-mobile-mcp)

Should you use this server?

MCP server for iOS and Android Mobile Development, Automation and Testing

✓

Is it safe?

No known CVEs for @mobilenext/mobile-mcp. 2 previously resolved.

No authentication — any process on your machine can connect.

License not specified.

✓

Is it maintained?

Last commit 3 days ago. 4,423 stars. 13,582 weekly downloads.

Will it work with my client?

Transport: stdio, sse, http. Works with Claude Desktop, Cursor, Claude Code, and most MCP clients.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y '@mobilenext/mobile-mcp' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Score Breakdown

MCPpedia Score

Click each category to see evidence

62B

Last scored 20h ago

How we score →

Security

19/30

No open vulnerabilities. 2 fixed CVEs.

✓

Known CVEs — No known CVEs for @mobilenext/mobile-mcpcheck OSV.dev

○

Tool safety

Advisories (0 open, 2 fixed)

lowCVSS 3.1CVE-2026-35394Fixed

@mobilenext/mobile-mcp: Arbitrary Android Intent Execution via mobile_open_url

### Summary The `mobile_open_url` tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls, SMS messages, and content provider access. ### Details The vulnerable code passes URLs directly to `adb shell am start -a android.intent.action.VIEW -d <url>` without checking the URL scheme. This can enable malicious schemes such as `tel:`, `sms:`, `mailto:`, `conte

Affected: >= 0Fixed in 0.0.50Published Apr 4, 2026source \u2192

lowCVSS 3.1CVE-2026-33989Fixed

@mobilenext/mobile-mcp alllows arbitrary file write via Path Traversal in mobile screen capture tools

### Summary The `@mobilenext/mobile-mcp` server contains a Path Traversal vulnerability in the `mobile_save_screenshot` and `mobile_start_screen_recording` tools. The `saveTo` and `output` parameters were passed directly to filesystem operations without validation, allowing an attacker to write files outside the intended workspace. ### Details **File:** `src/server.ts` (lines 584-592) ```typescript tool( "mobile_save_screenshot", "Save Screenshot", "Save a screenshot of the mobile

Affected: >= 0Fixed in 0.0.49Published Mar 27, 2026source \u2192

Frequently Asked Questions

Is io.github.mobile-next/mobile-mcp safe to use?: io.github.mobile-next/mobile-mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.mobile-next/mobile-mcp?: io.github.mobile-next/mobile-mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with io.github.mobile-next/mobile-mcp?: io.github.mobile-next/mobile-mcp is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio and sse and http transport.
Is io.github.mobile-next/mobile-mcp actively maintained?: io.github.mobile-next/mobile-mcp is actively maintained — last commit was 3 days ago. It has 4,423 GitHub stars.

io.github.mobile-next/mobile-mcp

Quick Install

Should you use this server?

Test This Server

Score Breakdown

MCPpedia Score

Security

Help improve this page

Advisories (0 open, 2 fixed)

Reviews

Frequently Asked Questions

Similar servers

Memory MCP Server

Context Mode

Idea Reality MCP Server

Browser Tools Mcp

Discussion