A Model Context Protocol server that wraps the Appknox CLI for mobile application security testing.
- Node.js 18 or higher
- Appknox CLI - See installation instructions
- Appknox Access Token - Get from Appknox Dashboard → Settings → Developer Settings
npm install -g @appknox/mcp-serverConfigure your access token using Appknox CLI:
appknox initThis will prompt for your access token and save it to ~/.config/appknox.json.
Alternatively, set the APPKNOX_ACCESS_TOKEN environment variable if you prefer not to use the config file.
For additional configuration options (API host, region, proxy), see Appknox CLI documentation.
Add to your Claude Desktop config:
macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json
{
"mcpServers": {
"appknox": {
"command": "npx",
"args": ["-y", "@appknox/mcp-server"]
}
}
}If you haven't run appknox init, you can set the token directly in the config:
{
"mcpServers": {
"appknox": {
"command": "npx",
"args": ["-y", "@appknox/mcp-server"],
"env": {
"APPKNOX_ACCESS_TOKEN": "your-token-here"
}
}
}
}Restart Claude Desktop after updating.
The MCP server exposes all Appknox CLI commands as tools:
Information: whoami, organizations, projects, files, analyses, vulnerability, owasp
Actions: upload, cicheck, sarif, reports_create, reports_download, schedule_dast, dastcheck
Simply ask Claude to perform security testing tasks in natural language.
"Upload /path/to/app.apk and scan for high-risk vulnerabilities"
"List all my Android projects"
"Generate a SARIF report for file ID 12345"
"Get vulnerability details for vulnerability ID 67890"
Appknox CLI not found: Verify installation with which appknox
Authentication failed: Check your token with echo $APPKNOX_ACCESS_TOKEN
Debug logging: Set LOG_LEVEL=debug in your environment
# Clone and build
git clone https://github.com/appknox/appknox-mcp.git
cd appknox-mcp
npm install
npm run build
# Run locally
npm startSee CONTRIBUTING.md for contribution guidelines.
MIT