Both　benign　and　malicious　developers　are　attracted　to　Android　platform　because　anyone　is　allowed　to　publish　applications　on　the　Android　market.　Such　capability　leak　vulnerability　on　the　Android　platform　may　lead　to　permission　elevation　and　privacy　disclosure　by　making　malware　bypass　Android　security　mechanism.　This　paper　presents　a　code　scanner　tool-Droidprotector　which　is　applied　to　help　developers　search　bugs　and　focus　on　the　business　of　applications　rather　than　the　security　problems.　Firstly,　Markov　blanket　is　used　for　feature　selection.　Secondly,　source　code　is　analyzed　by　a　machine-leaning　method.　Finally,　malicious　intents　and　capability　leaks　are　detected.　By　collecting　3482　applications　and　59　source　files　to　learn　Markov　blanket　as　the　feature　set　and　testing　this　code　scanner　tool,　the　experimental　results　show　that　DroidProtector　can　detect　the　vulnerability　of　Android　source　code　effectively　by　using　Markov　blanket　to　select　features　correctly.　©　2017　IEEE.