adb-mcp-server / security
Security review

Is adb-mcp-server MCP safe to give an agent?

destructive capableunknowndestructive capablehealthy

A factual risk summary built from adb-mcp-server’s real tool surface, execution model, and verification history — not a vibe. Trust score 44/100.


01What it can do

Has tools that can delete or irreversibly change data.

21 tools observeddestructive presentwrite present

02Execution model

Transport not yet confirmed, so the execution model is unknown. Treat as untrusted until verified.

Installs via uvx (`uvx adb-mcp-server`) — it pulls and executes third-party code; pin versions and review the source.


03Permissions & auth

No auth scopes captured yet (scope extraction runs during the sandboxed handshake, gated until configured). Treat unconfirmed scopes as unknown, not as “none.”


04Verification
handshakepassed — tool surface is real
runstools_list:passed · handshake:passed · metadata:passed · metadata:passed
last_checked2026-06-30 20:55Z
sourcesPyPI [p4]

Reduce the risk

Wrap adb-mcp-server in a governed Loadout — scoped permissions, approval rules on write/destructive tools, and audit logging — instead of handing your agent raw access.

Build a governed Loadout

See also: full server page · setup · alternatives