Waha

22 tools. 8 can modify or destroy data without limits.

1 destructive tool with no built-in limits. Policy required.

Last updated:

8 can modify or destroy data
14 read-only
22 tools total

Community server · catalogue entry verified 01/07/2026

How to control Waha ↓

What Waha exposes to your agents

Read (14) Write / Execute (7) Destructive / Financial (1)
Critical Risk

The most dangerous Waha tools

8 of Waha's 22 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Waha

PolicyLayer is an MCP gateway — it sits between your AI agents and Waha, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "whatsapp_delete_message": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "whatsapp_auto_reply_disable": {
    "limits": [
      {
        "counter": "whatsapp_auto_reply_disable_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "whatsapp_account_info": {
    "limits": [
      {
        "counter": "whatsapp_account_info_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Waha — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON WAHA →

Instant setup, no code required.

All 22 Waha tools

READ 14 tools
Read whatsapp_account_info Get information about the authenticated WhatsApp account. Returns the phone number, display name, and WhatsAp Read whatsapp_auto_reply_list List every contact that currently has auto-reply transcription enabled, with display names from Google Contact Read whatsapp_chat_summary Get a readable summary of recent messages in a WhatsApp chat, including sender names and timestamps. This is Read whatsapp_check_number Check if a phone number is registered on WhatsApp. Use this before sending a message to a number not yet in y Read whatsapp_contact_graph Get social graph for a WhatsApp contact — shared groups, mutual connections. Args: - phone: Phone number wi Read whatsapp_download_media Download media (image, audio, video, document) from a WhatsApp message. Fetches the media attached to a speci Read whatsapp_get_contact Detail for a single contact — person OR group, by stable id. Returns shape depends on kind: - Person: conta Read whatsapp_list_chats List recent WhatsApp chats with last message preview and profile pictures. Returns chat IDs, names, profile p Read whatsapp_list_contacts Unified address book — lists people you DM and groups you Read whatsapp_read_messages Read messages from a specific WhatsApp chat. Returns messages with sender, text content, timestamp, and messa Read whatsapp_search_messages Search across all WhatsApp message history. Supports full-text search, date ranges, sender filtering, and mess Read whatsapp_session_status Check if the WhatsApp session is connected and working. Returns the session status (WORKING, STOPPED, etc.), Read whatsapp_stats Overview dashboard of WhatsApp activity — message totals, top chats, top contacts, and group/DM breakdown. No Read whatsapp_transcribe_audio Transcribe a WhatsApp voice message or audio to text. Server-side transcription via Speaches (Whisper). Optio

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Waha

Can an AI agent delete data through the Waha MCP server? +

Yes. The Waha server exposes 1 destructive tools including whatsapp_delete_message. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Waha? +

The Waha server has 7 write tools including whatsapp_auto_reply_disable, whatsapp_auto_reply_enable, whatsapp_edit_message. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Waha.

How many tools does the Waha MCP server expose? +

22 tools across 3 categories: Destructive, Read, Write. 14 are read-only. 8 can modify, create, or delete data.

How do I enforce a policy on Waha? +

Register the Waha MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Waha tool call.

Deterministic rules across all 22 Waha tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

22 Waha tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.