Critical-risk tools in WSAPI WhatsApp MCP Server
7 of the 101 tools in WSAPI WhatsApp MCP Server are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
whatsapp_clear_chatDestructiveClear all messages from a chat.
-
whatsapp_delete_chatDestructiveDelete a chat.
-
whatsapp_delete_messageDestructiveDelete a message for all participants.
-
whatsapp_delete_message_for_meDestructiveDelete a message only for yourself.
-
whatsapp_delete_statusDestructiveDelete a previously posted status update.
-
whatsapp_flush_historyDestructiveFlush cached history sync messages. Returns 202 Accepted, then asynchronously publishes cached history sync messages as events.
-
whatsapp_reset_group_invite_linkDestructiveReset group invite link.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.