{"id":"verygoodplugins-whatsapp-mcp","name":"whatsapp-mcp","homepage":null,"repo_url":"https://github.com/verygoodplugins/whatsapp-mcp","category":"communication","subcategories":[],"tags":["mcp","model-context-protocol","whatsapp","agent-tools","go","fastmcp","sqlite","webhooks","media"],"what_it_does":"An MCP server that bridges an AI client (e.g., Claude Desktop/Cursor) to WhatsApp by letting the agent search contacts and chats, read message history from a local SQLite store, and send text and media via a locally running WhatsApp “bridge” (Go) and webhook forwarding for incoming messages.","use_cases":["Agent-assisted WhatsApp support: look up recent messages and draft replies","Automated internal workflows that read WhatsApp messages and forward them to an external system via webhook","Contact discovery: resolve names from phone numbers/JIDs","Lightweight personal assistant: retrieve message context and send text/media to known contacts/groups"],"not_for":["Production-grade multi-tenant deployments without additional access controls","Use in environments where storing WhatsApp message content locally is disallowed","High-assurance compliance workflows without further security review and audit"],"best_when":"You run it locally/single-user, want agent-driven access to your own WhatsApp data, and can control network exposure to the bridge/webhook endpoints.","avoid_when":"You cannot safely handle sensitive messaging data (PII/secrets), or you need strict safeguards against prompt injection/data exfiltration and unauthorized tool use.","alternatives":["Other WhatsApp automation tools (e.g., Twilio WhatsApp, Meta Cloud API) paired with an LLM tool layer","Custom WhatsApp integrations using whatsmeow with your own tool/API surface","General-purpose MCP wrappers around a supported messaging API (where available)"],"af_score":54.0,"security_score":41.5,"reliability_score":31.2,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-04-04T19:32:41.142474+00:00","interface":{"has_rest_api":true,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":true},"auth":{"methods":["WhatsApp Web QR login via WhatsApp Web session"],"oauth":false,"scopes":false,"notes":"No user-facing OAuth/scoped authorization is described for the MCP tools; access appears to be controlled by local process/network exposure and the WhatsApp session created via QR authentication."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Open-source project; cost is infrastructure/compute and any external webhook receiver costs."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":54.0,"security_score":41.5,"reliability_score":31.2,"mcp_server_quality":70.0,"documentation_accuracy":75.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":55.0,"rate_limit_clarity":10.0,"tls_enforcement":60.0,"auth_strength":35.0,"scope_granularity":10.0,"dependency_hygiene":45.0,"secret_handling":60.0,"security_notes":"Security concerns: explicit prompt-injection/exfiltration risk is called out. The system stores WhatsApp messages locally in SQLite and can forward incoming messages to an external webhook, increasing data handling risk. App-level authorization/scoped tool permissions are not described; WhatsApp authentication is via QR-based session, but access control for who can call MCP tools appears to rely on local deployment/network controls. TLS and detailed error handling, auth headers, and rate limiting are not described in the README.","uptime_documented":0.0,"version_stability":45.0,"breaking_changes_history":35.0,"error_recovery":45.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"limit-based","retry_guidance_documented":false,"known_agent_gotchas":["Potential prompt-injection risk when the agent is allowed to read/send sensitive message content (explicitly warned in README).","Media downloads/sends may require correct message_id/chat_jid context; the agent must supply both for download_media.","Local SQLite storage means agents should be constrained to only the data they are authorized to access (README mentions “only sent to Claude when you allow it”, but enforcement details are not specified).","Bridge is a local service; if exposed on a network, tool access may be reachable without strong app-level auth (not described)."]}}