{"id":"felixisaac-whatsapp-mcp-extended","name":"whatsapp-mcp-extended","homepage":null,"repo_url":"https://github.com/FelixIsaac/whatsapp-mcp-extended","category":"messaging","subcategories":[],"tags":["ai","mcp","model-context-protocol","whatsapp","messaging","automation","webhooks","self-hosted","python","sqlite"],"what_it_does":"An extended Model Context Protocol (MCP) server that enables programmatic interaction with WhatsApp via ~41 MCP tools (messaging, media, reactions, editing/deleting, chat history, contacts, group management, polls, presence, profile data, blocklist, and “newsletters/channels”). It also includes a webhook system for incoming events with HMAC-SHA256 signatures and retry/backoff, plus a small webhook UI and supporting components (WhatsApp bridge in Go, SQLite storage).","use_cases":["Send and manage WhatsApp messages (text, files, audio) from an agent/workflow","Moderate and administer groups (members, admin roles, leave, metadata)","Implement reactions, message edit/delete workflows, and read/seen status updates","Run polls inside chats and manage their lifecycle","Sync and search chat history / build message context windows for RAG or assistants","React to inbound WhatsApp events in near-real-time via HTTP webhooks","Manage contact metadata such as nicknames","Track presence/online status and subscribe to presence updates"],"not_for":["High-assurance production systems without additional security hardening and operational controls","Use cases requiring official WhatsApp Business API compliance/guarantees beyond community/bridge implementations","Applications that need strong contractual SLA and documented uptime/versioning guarantees from the package itself"],"best_when":"You want a local/self-hosted WhatsApp automation interface for agents and tools (MCP + webhooks) and can manage operational concerns (hosting, secrets, monitoring).","avoid_when":"You cannot secure webhook endpoints/signing secrets, or you need documented, fine-grained rate limiting and robust API contracts for large-scale usage.","alternatives":["Other WhatsApp MCP servers or community WhatsApp gateway projects","WhatsApp Business Platform (official API)","Generic messaging automation platforms (where available)","Build directly on a WhatsApp Web API/bridge stack with your own interface layer"],"af_score":57.5,"security_score":38.0,"reliability_score":36.2,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T15:40:16.404735+00:00","interface":{"has_rest_api":true,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":"http://localhost:8081 (SSE transport per README; exact MCP server endpoint not explicitly specified)","has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":true},"auth":{"methods":["MCP server run command (local process)","Webhook verification via HMAC-SHA256 signature (per README)"],"oauth":false,"scopes":false,"notes":"README indicates webhook security uses HMAC-SHA256 signatures, but no specific details are provided in the text about how keys are provisioned/rotated for the webhook UI. Authentication/authorization for the MCP tools themselves is not described in the README excerpt (likely depends on local network/process setup)."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Self-hosted open-source project; no pricing info in provided content."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":57.5,"security_score":38.0,"reliability_score":36.2,"mcp_server_quality":78.0,"documentation_accuracy":70.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":45.0,"rate_limit_clarity":20.0,"tls_enforcement":35.0,"auth_strength":45.0,"scope_granularity":20.0,"dependency_hygiene":45.0,"secret_handling":45.0,"security_notes":"Webhook security is claimed via HMAC-SHA256 signatures with matching/retry/backoff, which is a positive signal. However, the provided README does not show how webhook secrets are configured, how MCP access is authorized, or whether webhook/UI endpoints are protected when exposed beyond localhost. TLS requirement and secret-handling practices are not documented in the provided text.","uptime_documented":0.0,"version_stability":50.0,"breaking_changes_history":40.0,"error_recovery":55.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":true,"known_agent_gotchas":["WhatsApp bridging/connectivity issues may cause failures (e.g., QR/authentication flow and “connected” state).","Tool semantics may not be idempotent (e.g., sending messages/reactions) unless the underlying implementation explicitly de-duplicates.","Webhook matching supports regex/contains; incorrect patterns could cause unintended triggers.","History sync/request older messages may be rate/availability dependent; retries may re-deliver events unless consumer deduplicates."]}}