41
/ 100
1 month ago
glama

DeepADB

A comprehensive MCP server that enables AI agents to interact with Android devices through Android Debug Bridge (ADB), offering 198 tools for device control, app management, diagnostics, and more.

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
⚠️
Tool descriptions don’t match what handlers do
7 tools describe read intent but their handlers mutate — adb_farm_matrix (line 23: execFile(cmd, args, { timeout, maxBuffer: 1024 * 1024 * 5, windowsHide: true }, (error, stdout, stde…); adb_avd_list (line 100: execFile(emulatorPath, ["-list-avds"], {); adb_forward_list (line 173: ctx.bridge.exec(["forward", "--list"], {)
⚠️
Known vulnerabilities in dependencies: 2 high
Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.
No credential exfiltration, no sensitive file access, no obfuscation
Static analysis found nothing flowing your secrets to unexpected places.
Open source with a license and README
Anyone can audit the code, the license is declared, and the publisher documents what it does.
🔐
You'll be asked for 1 credential: DA_AUTH_TOKEN
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// known CVEs in dependencies2 high

Disclosed vulnerabilities in this server's declared npm dependencies (via OSV). Whether each is reachable depends on the installed versions.

high@modelcontextprotocol/sdk@1.24.0GHSA-345p-7cg4-v4c7

@modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse

high@modelcontextprotocol/sdk@1.24.0GHSA-8r9q-7v3j-jr4g

Anthropic's MCP TypeScript SDK has a ReDoS vulnerability

Depend on this server? Get alerted when its CVEs change.Watch this server free →
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
configADB_PATHAuto-detect Path to ADB binary (ignored in on-device mode)
configANDROID_HOME
configANDROID_SDK_ROOT
configDA_ALLOWED_COMMANDS(none) Comma-separated allowlist (if set, only matching commands run)
configDA_ASCII_ONLY
configDA_AUDIT_LOGtrue Log all executed commands for audit trail (set to false to disable)
🔐 secretDA_AUTH_TOKEN(none — open) Bearer token for network transports. When set, all HTTP/SSE/WS/GraphQL requests require Authorization: Bearer <token> header. Health endpoints exempt.
configDA_BLOCKED_COMMANDS(none) Comma-separated list of blocked shell command substrings
configDA_CACHE_TTL5000 Device list cache TTL in milliseconds (0 = disabled)
configDA_CI_PING_TARGET
configDA_DEVICE(auto) Default device serial (auto-selects if single device)
configDA_GRAPHQL_CORS_ORIGIN(none — deny) Allowed CORS origin for GraphQL API
configDA_GRAPHQL_PORT4000 npm start
configDA_HTTP_CORS_ORIGIN(none — deny) Allowed CORS origin for HTTP/SSE
configDA_HTTP_HOST127.0.0.1 Bind address for HTTP/SSE, WebSocket, and GraphQL servers
configDA_HTTP_PORT3000 npm start # HTTP/SSE — for remote AI access over WiFi
configDA_LOCALAuto-detection: Checks for /system/build.prop (present on all Android devices, never on hosts). Override with =true or DA_LOCAL=false.
configDA_LOG_LEVELinfo Log level: debug, info, warn, error
configDA_MAX_LOGCAT500 Max logcat lines per snapshot
configDA_MAX_OUTPUT50000 Max output characters before truncation
configDA_PLUGIN_DIR{tempDir}/plugins Directory to scan for plugin .js modules at startup
configDA_RATE_LIMIT0 Max commands per minute (0 = unlimited)
configDA_REGISTRY_URLGitHub default URL of the community plugin registry JSON manifest
configDA_RESOURCE_CACHE_TTL_MS0 (disabled) MCP Resource cache TTL in ms. Set to a positive value to cache resource reads (device://info, device://battery, etc.) for that duration.
configDA_RESULT_HANDLE_DIR{tempDir}/result-handles Storage root for tempdir-backed tool result handles. Override to relocate the store off the default temp directory.
configDA_RESULT_HANDLE_MAX_BYTES5242880 (5 MB) Per-handle size cap. Tools attempting to store a content block larger than this fail with an error.
configDA_RESULT_HANDLE_MAX_COUNT100 Maximum number of active handles. Triggers LRU eviction when exceeded.
configDA_RESULT_HANDLE_TOTAL_BYTES104857600 (100 MB) Total result-handle store size cap across all handles. Triggers LRU eviction when exceeded.
configDA_RESULT_HANDLE_TTL43200 (12h) Per-handle TTL in seconds. Handles older than this are evicted on startup sweep and during periodic eviction. Bounded to [60, 7 days].
configDA_RETRY_COUNT1 Number of retries for transient ADB failures
configDA_RETRY_DELAY500 Base retry delay in ms (doubles each attempt)
configDA_SECURITYfalse Enable security middleware (command filtering, rate limiting)
configDA_TEMP_DIROS temp Temp directory for screenshots, pulled files, bug reports, test sessions, snapshots
configDA_TEST_PIN(none) Numeric PIN used by tests/test-ui-control.mjs to exercise screen-lock/unlock tests. Without it, the 4 lock-state tests skip. Format: DA_TEST_PIN=0000 npm test.
configDA_TIMEOUT30000 Default command timeout in milliseconds
configDA_WORKFLOW_REGISTRY_URL(derived from DA_REGISTRY_URL) URL of the workflow marketplace JSON manifest
configDA_WS_CORS_ORIGIN(none — deny) Allowed CORS origin for WebSocket health endpoint
configDA_WS_PORT3001 npm start
configProgramFiles
configTERM
configTERM_PROGRAM
configWT_SESSION
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 9 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/fullread-deepadb-f97je9)](https://m8ven.ai/mcp/fullread-deepadb-f97je9)
commit: 4fbc7e074bd07a8b743ee7424642f73b9e671094
code hash: c1e302247f7793fe7f252c2209b4e569929389dac41e41ebfec508d8efbb6245
verified: 6/10/2026, 11:03:34 AM
view raw JSON →