Mobile Mcp

Mobile MCP

CommunityActiveNot testedUpdated 4/3/2026

Other

★ 4.3knpm

Edit this page

MCPpedia
Score

No CVEsActivestdio

How we score →

Should you use this server?

Mobile MCP

✓

Is it safe?

No known CVEs for @mobilenext/mobile-mcp. 1 previously resolved.

No authentication — any process on your machine can connect to this server.

License not specified.

Last scanned 0 days ago.

✓

Is it maintained?

Last commit 0 days ago. 4,311 GitHub stars.

Will it work with my client?

Transport: stdio. Works with Claude Desktop, Cursor, Claude Code, and most MCP clients.

How much context will it use?

0 tools. Token cost not measured.

What if it doesn't work?

Common issues: JSON syntax errors in config, wrong Node.js version, npx cache. Setup guide covers troubleshooting. Or check GitHub issues for known problems.

Quick Install

{
  "mcpServers": {
    "mobile-mcp": {
      "command": "npx",
      "args": [
        "-y",
        "@mobilenext/mobile-mcp"
      ]
    }
  }
}

Setup guide

Auto-generated from package name. Add to your client's MCP config file.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y @mobilenext/mobile-mcp 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Score Breakdown

MCPpedia Score

Click each category to see evidence

76B

Scored 2h ago

How we score →

Security

27/30

Last scanned 2h ago

No open vulnerabilities. 1 fixed CVE.

✓

CVEs — 1 fixed CVE — update to 0.0.49check OSV.dev \u2192

○

Authentication — None required — easy to connect

✗

License — Not specified

✓

Repository — Activeview repo \u2192

✗

MCPpedia review — Not yet reviewed by MCPpedia

Advisories (0 open, 1 fixed)

lowCVSS 3.1CVE-2026-33989Fixed

@mobilenext/mobile-mcp alllows arbitrary file write via Path Traversal in mobile screen capture tools

### Summary The `@mobilenext/mobile-mcp` server contains a Path Traversal vulnerability in the `mobile_save_screenshot` and `mobile_start_screen_recording` tools. The `saveTo` and `output` parameters were passed directly to filesystem operations without validation, allowing an attacker to write files outside the intended workspace. ### Details **File:** `src/server.ts` (lines 584-592) ```typescript tool( "mobile_save_screenshot", "Save Screenshot", "Save a screenshot of the mobile

Affected: >= 0Fixed in 0.0.49Published Mar 27, 2026source \u2192

CVEs checked daily via OSV.dev. Score algorithm is open source.

Embed this score in your READMEPreview badge

[![MCPpedia Score](https://mcppedia.org/api/badge/mobile-mcp)](https://mcppedia.org/s/mobile-mcp)