npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@appknox/mcp-server

v1.0.1

Published

Official Model Context Protocol (MCP) server for Appknox - enables AI assistants to perform mobile application security testing

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

subho007subho007ginilpgginilpg

Keywords

mcpmodel-context-protocolappknoxsecuritymobile-securityappsecsecurity-testingsastdastvulnerability-scanningandroidiosaillmclaude

Readme

Appknox MCP Server

A Model Context Protocol server that wraps the Appknox CLI for mobile application security testing.

Prerequisites

Installation

npm install -g @appknox/mcp-server

Configuration

Authentication

Configure your access token using Appknox CLI:

appknox init

This will prompt for your access token and save it to ~/.config/appknox.json.

Alternatively, set the APPKNOX_ACCESS_TOKEN environment variable if you prefer not to use the config file.

For additional configuration options (API host, region, proxy), see Appknox CLI documentation.

Claude Desktop Setup

Add to your Claude Desktop config:

macOS: ~/Library/Application Support/Claude/claude_desktop_config.json Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "appknox": {
      "command": "npx",
      "args": ["-y", "@appknox/mcp-server"]
    }
  }
}

If you haven't run appknox init, you can set the token directly in the config:

{
  "mcpServers": {
    "appknox": {
      "command": "npx",
      "args": ["-y", "@appknox/mcp-server"],
      "env": {
        "APPKNOX_ACCESS_TOKEN": "your-token-here"
      }
    }
  }
}

Environment Variables

| Variable | Description | Default | |----------|-------------|---------| | APPKNOX_ACCESS_TOKEN | Your Appknox API access token | Read from ~/.config/appknox.json | | APPKNOX_CLI_PATH | Absolute path to the Appknox CLI binary | /usr/local/bin/appknox | | LOG_LEVEL | Logging level (debug, info, warn, error) | info |

If the Appknox CLI is installed in a non-standard location, set APPKNOX_CLI_PATH:

{
  "mcpServers": {
    "appknox": {
      "command": "npx",
      "args": ["-y", "@appknox/mcp-server"],
      "env": {
        "APPKNOX_CLI_PATH": "/opt/homebrew/bin/appknox"
      }
    }
  }
}

Restart Claude Desktop after updating.

Available Tools

The MCP server exposes Appknox CLI commands as tools:

| Tool | Description | |------|-------------| | appknox_whoami | Show current authenticated user information | | appknox_organizations | List all organizations accessible to the user | | appknox_projects | List projects with optional filtering by platform, package name, or search query | | appknox_files | List all files (app versions) for a specific project. Requires project_id | | appknox_analyses | List security analysis results (vulnerabilities) for a file. Requires file_id | | appknox_vulnerability | Get detailed information about a specific vulnerability | | appknox_owasp | Fetch OWASP category details by ID | | appknox_upload | Upload an APK/IPA file for security scanning. Returns file_id | | appknox_cicheck | Check vulnerabilities against a risk threshold (for CI/CD pipelines) | | appknox_sarif | Generate a SARIF report for integration with code analysis tools | | appknox_reports_create | Create a vulnerability report for a file | | appknox_reports_download | Download vulnerability report as CSV. Returns content directly | | appknox_dastcheck | Check DAST (dynamic scan) status and results |

Tool Workflow

Most tools require IDs that come from other tools:

appknox_projects → project_id → appknox_files → file_id → appknox_analyses
                                                       → appknox_reports_download
                                                       → appknox_cicheck
                                                       → appknox_sarif

Usage Examples

Basic Queries

"Who am I logged in as?"
"List all my organizations"
"Show me all my Android projects"
"List iOS projects with package name containing 'com.example'"

Working with Projects and Files

"List all files for project ID 1234"
"Show me the latest scan results for project 'MyApp'"
"What vulnerabilities were found in file ID 56789?"

Uploading and Scanning

"Upload /Users/me/Downloads/myapp.apk for security scanning"
"Upload the app at /Users/me/Desktop/app.ipa and tell me the file ID"

Important: File paths must be absolute paths on your local machine (e.g., /Users/username/Downloads/app.apk). Drag-and-drop uploads or sandbox paths won't work.

Security Analysis

"Show all critical and high vulnerabilities for file ID 12345"
"Check if file ID 12345 passes the security threshold for 'high' risk"
"Run a CI check on file 12345 with medium risk threshold"

Reports and Documentation

"Download the vulnerability report for file ID 12345"
"Generate a SARIF report for file 12345 with high risk threshold"
"Get details about vulnerability ID 67890"
"What is OWASP M1_2016?"

CI/CD Integration Scenarios

"Upload /path/to/app.apk and check if it has any critical vulnerabilities"
"Scan the app and fail if there are any high-risk issues"
"Generate a SARIF report I can upload to GitHub Security"

Dynamic Analysis (DAST)

"Check the DAST scan status for file ID 12345"
"What are the dynamic scan results for file 12345 with medium risk threshold?"

Troubleshooting

Appknox CLI not found: Verify installation with which appknox Authentication failed: Check your token with echo $APPKNOX_ACCESS_TOKEN Debug logging: Set LOG_LEVEL=debug in your environment

Development

# Clone and build
git clone https://github.com/appknox/appknox-mcp.git
cd appknox-mcp
npm install
npm run build

# add to mcp config
 "appknox": {
    "command": "node",
    "args": ["/abosolute/path/to/appknox-mcp/build/index.js"]
  }

See CONTRIBUTING.md for contribution guidelines.

Resources

License

MIT