Skip to main content
Glama
Serhatcck

mobile-security-mcp

by Serhatcck

ios_binary_strings

Extracts and filters strings from iOS app binaries to detect security-relevant patterns such as API keys, URLs, and credentials for vulnerability analysis.

Instructions

Extracts printable strings from an iOS app binary and filters for security-relevant patterns: HTTP/S URLs, API keys, AWS/Firebase/Google credentials, email addresses, and private IP addresses.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
ipa_pathYesAbsolute path to the IPA file to analyze
filterNoFilter output: all | url (HTTP endpoints) | key (API key patterns) | email | ip (private IPs)all
min_lengthNoMinimum string length to include (default 6)
Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden of disclosing behavioral traits. It only describes the extraction and filtering function without mentioning potential side effects, resource requirements, or performance characteristics. The tool is likely read-only, but this is not stated.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, dense sentence that front-loads the core action and immediately specifies the security relevance. No unnecessary words; every part serves a purpose.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a simple tool with 3 well-documented parameters and clear output expectations (list of filtered strings), the description is largely sufficient. It covers the input, the operation, and the filtering criteria. Lacking an output schema, a brief mention of the return format would improve completeness, but it is still adequate.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, so the baseline is 3. The description adds value by listing specific pattern categories (e.g., 'AWS/Firebase/Google credentials') that elaborate on the filter enum's options, helping the agent understand what each filter value targets beyond the schema's brief descriptions.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description states a specific verb ('extracts') and resource ('printable strings from an iOS app binary'), and explicitly mentions security-relevant patterns it filters for, such as URLs, API keys, and credentials. This clearly distinguishes it from sibling tools like ios_secrets_scanner, which may have a different focus.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description does not provide any guidance on when to use this tool versus alternatives like ios_secrets_scanner or ios_frameworks_detector. It lacks explicit context for optimal usage, exclusions, or prerequisites, leaving the agent to infer when it should be invoked.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Serhatcck/mobile-security-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server