{"id":"verygoodplugins-whatsapp-mcp","name":"whatsapp-mcp","af_score":54.0,"security_score":41.5,"reliability_score":31.2,"what_it_does":"An MCP server that bridges an AI client (e.g., Claude Desktop/Cursor) to WhatsApp by letting the agent search contacts and chats, read message history from a local SQLite store, and send text and media via a locally running WhatsApp “bridge” (Go) and webhook forwarding for incoming messages.","best_when":"You run it locally/single-user, want agent-driven access to your own WhatsApp data, and can control network exposure to the bridge/webhook endpoints.","avoid_when":"You cannot safely handle sensitive messaging data (PII/secrets), or you need strict safeguards against prompt injection/data exfiltration and unauthorized tool use.","last_evaluated":"2026-04-04T19:32:41.142474+00:00","has_mcp":true,"has_api":true,"auth_methods":["WhatsApp Web QR login via WhatsApp Web session"],"has_free_tier":false,"known_gotchas":["Potential prompt-injection risk when the agent is allowed to read/send sensitive message content (explicitly warned in README).","Media downloads/sends may require correct message_id/chat_jid context; the agent must supply both for download_media.","Local SQLite storage means agents should be constrained to only the data they are authorized to access (README mentions “only sent to Claude when you allow it”, but enforcement details are not specified).","Bridge is a local service; if exposed on a network, tool access may be reachable without strong app-level auth (not described)."],"error_quality":0.0}