DEV.co
MCP Servers · lharries

whatsapp-mcp

WhatsApp MCP is a Go/Python bridge that connects your personal WhatsApp account to Claude or Cursor, allowing AI agents to search, read, and send messages directly from WhatsApp. Messages and media are stored locally in SQLite, sent to the LLM only on-demand through controlled tools.

Source: GitHub — github.com/lharries/whatsapp-mcp
5.9k
GitHub stars
1.2k
Forks
Go
Primary language
MIT
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositorylharries/whatsapp-mcp
Ownerlharries
Primary languageGo
LicenseMIT — OSI-approved
Stars5.9k
Forks1.2k
Open issues207
Latest releasev0.0.1 (2025-04-06)
Last updated2025-07-13
Sourcehttps://github.com/lharries/whatsapp-mcp

What whatsapp-mcp is

A two-component system: a Go bridge using the whatsmeow library to connect to WhatsApp Web's multidevice API with QR authentication, and a Python MCP server exposing standardized tools (search, list, send) for LLM integration. Local SQLite persistence; no cloud storage of messages.

Quickstart

Get the whatsapp-mcp source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/lharries/whatsapp-mcp.gitcd whatsapp-mcp# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

AI-powered WhatsApp assistant for personal use

Leverage Claude to draft replies, summarize conversations, search message history, and send responses without leaving your LLM interface. Useful for individuals managing high message volume.

Automated customer/contact engagement workflows

Route incoming WhatsApp messages through Claude for intelligent filtering, response drafting, or triage before human review. Supports media handling (images, documents, voice).

Local-first message analytics and retrieval

Query personal WhatsApp data (contacts, chats, media) via Claude without sending raw conversations to external APIs. SQLite-backed persistence maintains full control over message storage.

Implementation considerations

  • Requires Go 1.x and Python 3.6+ environments; Windows users must enable CGO and install a C compiler (MSYS2 recommended). macOS/Linux setup is more straightforward.
  • WhatsApp Web authentication via QR code scanning; expect ~20-day re-authentication intervals and potential device-linking issues if you have multiple connected devices.
  • SQLite database grows with message history; media files are downloaded on-demand via the `download_media` tool to avoid bloating the database. Plan storage and archival.
  • FFmpeg is optional but strongly recommended for sending voice messages; without it, audio must be pre-converted to .ogg Opus format.
  • Project is pre-release; expect breaking changes, potential data loss if you delete `.db` files for sync recovery, and ongoing API stability risk.

When to avoid it — and what to weigh

  • You require end-to-end encryption guarantees beyond WhatsApp — Messages are decrypted in the local SQLite database; an LLM integration further exposes message content to the MCP server and Claude. Security depends on host machine isolation.
  • You need production-grade reliability or SLA support — Project is v0.0.1 (pre-release, 3.5 months old) with 207 open issues. Authentication requires manual re-scanning QR codes ~every 20 days. Not suitable for critical or always-on workflows.
  • You operate in a regulated environment (healthcare, finance, legal) — Unvalidated security posture, local data exposure, and early-stage maturity create compliance and audit risk. Message storage in SQLite and LLM context passing require formal data governance.
  • You want multi-user or enterprise account management — Designed for personal WhatsApp accounts only. No RBAC, audit logging, or support for team-based workflows. Shared deployment risks unauthorized message access.

License & commercial use

MIT License. Permissive OSI license allowing modification, private use, distribution, and sublicensing with attribution and no liability.

MIT permits commercial use without explicit permission, but project maturity (v0.0.1, active development, 207 open issues) creates operational risk. Requires internal risk assessment and legal review before commercial deployment. No warranty or SLA provided.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityHigh
DEV.co fitPossible
Assessment confidenceHigh
Security considerations

Project stores decrypted WhatsApp messages in plaintext SQLite; no encryption at rest. LLM integration exposes message content to Claude's system, creating data exfiltration risk if the MCP server is compromised or Claude receives untrusted prompts. No audit logging, secrets management, or formal threat model documented. Host machine security and network isolation are critical. Strongly review the 'lethal trifecta' warning in the README before use.

Alternatives to consider

Official WhatsApp Business API

Enterprise-grade, SLA-backed, multi-user support. Requires business account and higher operational overhead; not designed for personal inbox automation.

Twilio or MessageBird WhatsApp SDKs

Cloud-hosted, production-ready, audit trails, compliance features. Centralized message handling; suitable for customer engagement but not personal message integration.

Custom integrations using selenium/playwright with WhatsApp Web

More flexible, no library dependency; higher maintenance burden, slower, and less stable due to DOM scraping fragility.

Software development agency

Build on whatsapp-mcp with DEV.co software developers

WhatsApp MCP is ideal for developers and early adopters seeking local-first message automation. Ensure you understand pre-release maturity, security implications, and authentication overhead before deploying.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

whatsapp-mcp FAQ

Does WhatsApp detect and ban this integration?
Unknown. The project uses WhatsApp's official Web multidevice API via whatsmeow, not unofficial scraping. WhatsApp's ToS likely prohibit automated access; ban risk is undocumented. Use at your own risk.
How often do I need to re-authenticate?
Approximately every 20 days via QR code scanning. The README acknowledges this; exact behavior depends on WhatsApp's session management.
Can I use this on a shared or production server?
Not recommended. Requires interactive QR scanning, stores plaintext message data, and has no RBAC. Use only on isolated personal machines.
What happens if I delete the SQLite database files?
The bridge will re-authenticate and begin re-downloading message history. Old data is lost. Use for sync recovery only; implement backups beforehand.

Custom software development services

From first prototype to production, DEV.co delivers software development services around tools like whatsapp-mcp. Our software development agency staffs experienced software developers and web developers for custom software development, web development, integrations, and ongoing support across mcp servers and beyond.

Ready to integrate WhatsApp with Claude?

WhatsApp MCP is ideal for developers and early adopters seeking local-first message automation. Ensure you understand pre-release maturity, security implications, and authentication overhead before deploying.