Step 1
Install in your client
Config is the same across clients — only the file and path differ.
CD
Supported in Claude Desktopstdio · Node 18+
Paste into ~/Library/Application Support/Claude/claude_desktop_config.json
{
"mcpServers": {
"mobile-mcp": {
"args": [
"-y",
"@mobilenext/mobile-mcp"
],
"command": "npx"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
Embed in your READMEAbout badges →
[](https://mcppedia.org/s/mobile-mcp)
Read me
What Mobile Mcp does
This is a Model Context Protocol (MCP) server that enables scalable mobile automation, development through a platform-agnostic interface, eliminating the need for distinct iOS or Android knowledge. You can run it on emulators, simulators, and real devices (iOS and Android). This server allows Agents and LLMs to interact with native iOS/Android applications and devices through structured accessibility snapshots or coordinate-based taps based on screenshots.
Test This Server
Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
npx -y '@mobilenext/mobile-mcp' 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
Scored, not listed
Why this score
Five weighted categories — click any category to see the underlying evidence.
Score breakdown
90/100across 5 weighted dimensions
0255075100
30
19
16
15
10
−10
Security
Maintenance
Efficiency
Documentation
Compatibility
Categoriesclick a row to see evidence
Security
OSV.dev2 fixed
CVE-2026-35394low · fixedCVSS 3.1
@mobilenext/mobile-mcp: Arbitrary Android Intent Execution via mobile_open_url
### Summary The `mobile_open_url` tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls, SMS messages, and content provider access. ### Details The vulnerable code passes URLs directly to `adb shell am start -a android.intent.action.VIEW -d <url>` without checking the URL scheme. This can enable malicious schemes such as `tel:`, `sms:`, `mailto:`, `conte
CVE-2026-33989low · fixedCVSS 3.1
@mobilenext/mobile-mcp alllows arbitrary file write via Path Traversal in mobile screen capture tools
### Summary The `@mobilenext/mobile-mcp` server contains a Path Traversal vulnerability in the `mobile_save_screenshot` and `mobile_start_screen_recording` tools. The `saveTo` and `output` parameters were passed directly to filesystem operations without validation, allowing an attacker to write files outside the intended workspace. ### Details **File:** `src/server.ts` (lines 584-592) ```typescript tool( "mobile_save_screenshot", "Save Screenshot", "Save a screenshot of the mobile
Inventory
Tools (19)
Click any tool to inspect its schema.
~867 tokens total
Community
Reviews
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
How easy was setup?Did it work reliably?How was the documentation?
Sign in to write a review.
Frequently Asked Questions
- Is Mobile Mcp safe to use?
- Mobile Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
- How do I install Mobile Mcp?
- Mobile Mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
- What can Mobile Mcp do?
- Mobile Mcp provides 19 tools: mobile_list_available_devices, mobile_get_screen_size, mobile_get_orientation, mobile_set_orientation, mobile_list_apps and 14 more. See the full tools list on the server page for descriptions and parameters.
- What AI clients work with Mobile Mcp?
- Mobile Mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
- Is Mobile Mcp actively maintained?
- Mobile Mcp is actively maintained — last commit was 1 day ago. It has 4,951 GitHub stars.
Related
Similar servers
Others in developer-tools
X
XcodeBuildMCP97XcodeBuildMCP provides tools for Xcode project management, simulator management, and app utilities.
5.6k 1
Supabase MCP Server97Manage Supabase projects — databases, auth, storage, and edge functions
2.7k 4
XcodeBuildMCP97A Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.
5.6k 2
G
Mcp Gitlab96MCP server for using the GitLab API
1.5k 12
MCP Security Weekly
Get CVE alerts and security updates for Mobile Mcp and similar servers.
Community
Discussion
Start a conversation
Ask a question, share a tip, or report an issue.
Has anyone used this with Cursor?How do you handle auth?Any alternatives?
Sign in to join the discussion.