Safety

How to verify WhatsApp MCP for macOS

This page is here so users, security reviewers, and browser protection systems can quickly see what the project does and what it does not do.

Independent project

WhatsApp MCP for macOS is not affiliated with, endorsed by, or sponsored by WhatsApp LLC or Meta Platforms. The name describes interoperability with the WhatsApp desktop app.

No credential collection

The server never asks for your WhatsApp password, QR code, Meta credentials, payment details, browser cookies, session files, or recovery codes.

Local-only operation

The MCP server runs as a local stdio process on your Mac. It uses macOS Accessibility APIs to read and operate the WhatsApp desktop window that is already signed in.

Revocable permission

The only system permission involved is Accessibility for the host app that launches the MCP server. You can revoke it any time in System Settings.

Public install command

The install command is public. You do not need to enter an email address to install or inspect the project.

npm install -g whatsapp-mcp-macos
{
  "mcpServers": {
    "whatsapp": {
      "command": "whatsapp-mcp-macos",
      "transport": "stdio"
    }
  }
}

Source and package verification

Use it responsibly

This is a personal automation tool for your own signed-in desktop app. Do not use it for unsolicited bulk messaging, impersonation, or bypassing WhatsApp or Meta policies.