← Back to search

Search • Sprawl Radar • TrustOps • Gateway • Ledger • Mandates • Hosting • Docs Compiler • Demo • Trust Index • GitHub Action • Plans • Shortlists • Rankings • Compare • Badges • ChatGPT compatible • Claude compatible • Healthcare • Digests • RSS • RSS XML • Backfill • MCP API

manycontacts/whatsapp-mcp

ManyContacts.com MCP for WhatsApp Business

# ManyContacts MCP Server MCP (Model Context Protocol) server for [ManyContacts](https://manycontacts.com) — the WhatsApp Business CRM. Enables AI agents (Claude, Cursor, Windsurf, etc.) to manage contacts, send WhatsApp messages, run campaigns, configure AI auto-replies, and perform all CRM operations programmatically. ## Quick Start ### 1. Get your CLI token ```bash npm install -g @manycontacts/cli ``` **Already have an account?** Log in: ```bash mc auth login --email user@example.com --password mypassword mc auth whoami # verify it works ``` **New to ManyContacts?** Create an account and connect your WhatsApp channel: ```bash # Register a new account mc auth register --email user@example.com --name "My Company" # Connect a WhatsApp Business channel (choose one method): mc channels connect whatsapp-api # WhatsApp Cloud API (recommended) mc channels connect coexistence # ManyContacts coexistence mode mc channels connect qr # QR code pairing # Verify everything is set up mc auth whoami mc channels list ``` ### 2. Configure in your MCP client #### Claude Desktop / Claude Code Add to your MCP settings (`~/.claude/claude_desktop_config.json` or similar): ```json { "mcpServers": { "manycontacts": { "command": "npx", "args": ["@manycontacts/mcp"], "env": { "MC_CLI_TOKEN": "your-cli-token-here" } } } } ``` #### Cursor Add to `.cursor/mcp.json`: ```json { "mcpServers": { "manycontacts": { "command": "npx", "args": ["@manycontacts/mcp"], "env": { "MC_CLI_TOKEN": "your-cli-token-here" } } } } ``` > **Tip:** If you've already logged in via the CLI (`mc auth login`), the token is stored in `~/.manycontacts/config.json` and the MCP server will pick it up automatically — no `MC_CLI_TOKEN` env var needed. --- ## Available Tools (47 total) ### Account & Context #### `manycontacts_context` Get a full overview of your ManyContacts account: connected WhatsApp Business channels, contact/user/tag counts, active AI agents, and enabled features. **Use this first** to understand the account state before performing other operations. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | *(none)* | — | — | No parameters needed | --- #### `manycontacts_org_get` Get WhatsApp Business organization/account information including name, timezone, and all configuration settings. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | *(none)* | — | — | No parameters needed | --- #### `manycontacts_org_update` Update organization-level settings such as timezone, auto-reply messages, auto-close behavior, and webhook configuration. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `timezone` | `string` | No | Timezone identifier (e.g. `Europe/Madrid`, `America/New_York`) | | `auto_reply_open` | `boolean` | No | Enable auto-reply when a new chat is opened | | `auto_reply_open_text` | `string` | No | Auto-reply message text when chat opens | | `auto_reply_close` | `boolean` | No | Enable auto-reply when a chat is closed | | `auto_reply_close_text` | `string` | No | Auto-reply message text when chat closes | | `auto_reply_close_minutes` | `number` | No | Minutes of inactivity before auto-close | | `auto_reply_away` | `boolean` | No | Enable away/out-of-hours auto-reply | | `auto_reply_away_text` | `string` | No | Away auto-reply message text | | `webhooks_forward` | `boolean` | No | Enable webhook forwarding to an external URL | | `webhooks_forward_url` | `string` | No | External URL to forward webhook events to | --- #### `manycontacts_org_schedule_get` Get the business hours schedule. Returns the configured working hours for each day of the week, used to determine when the "away" auto-reply activates. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | *(none)* | — | — | No parameters needed | --- #### `manycontacts_org_apikey` Get the organization's REST API key for direct API integrations. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | *(none)* | — | — | No parameters needed | --- #### `manycontacts_channels_list` List all connected WhatsApp Business and Instagram channels. For WhatsApp channels, shows the phone number and connection status. For Instagram channels, shows the username. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | *(none)* | — | — | No parameters needed | --- ### Contacts All contact operations use phone numbers as identifiers (with country code, no `+` prefix, e.g. `34600000000`). #### `manycontacts_contacts_list` List WhatsApp Business contacts with advanced filters. Returns paginated results with `has_more` indicator. Filters can be combined freely. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `page` | `number` | No | Page number (default: `1`) | | `limit` | `number` | No | Results per page, max `200` (default: `50`) | | `open` | `"true"` \| `"false"` | No | Filter by conversation open/closed status | | `assigned_to` | `string` | No | Filter by assigned user ID | | `tags` | `string` | No | Comma-separated tag IDs — contacts must have **all** specified tags | | `team` | `string` | No | Filter by team ID | | `stages` | `string` | No | Comma-separated funnel stage IDs | | `date_from` | `string` | No | Filter contacts updated after this date (`YYYY-MM-DD`) | | `date_to` | `string` | No | Filter contacts updated before this date (`YYYY-MM-DD`) | | `unread` | `"true"` | No | Only contacts with unread messages | | `blacklist` | `"true"` | No | Only blacklisted contacts | | `scheduled` | `"true"` | No | Only contacts with pending scheduled messages | > **Note:** When using `date_from` and `date_to` together, the range cannot exceed 90 days. **Response:** ```json { "ok": true, "data": [ { "name": "John Doe", "number": "34600000000", "open": true, "last_user_id": "uuid-of-assigned-user", "source": "whatsapp", "notes": "VIP customer", "customFields": {}, "createdAt": "2026-01-15T10:30:00Z" } ], "pagination": { "page": 1, "limit": 50, "has_more": true } } ``` --- #### `manycontacts_contacts_get` Get detailed information about a specific contact including their tags, teams, funnel stages, and custom fields. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `phone` | `string` | **Yes** | Phone number with country code (e.g. `34600000000`) | --- #### `manycontacts_contacts_create` Create a new WhatsApp Business contact in the CRM. The phone number will be normalized automatically (leading `+` removed). | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `phone` | `string` | **Yes** | Phone number with country code (e.g. `34600000000`) | | `name` | `string` | No | Contact display name | | `notes` | `string` | No | Free-text notes for the contact | --- #### `manycontacts_contacts_update` Update an existing contact's name, notes, or custom fields. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `phone` | `string` | **Yes** | Phone number of the contact to update | | `name` | `string` | No | New contact name | | `notes` | `string` | No | New contact notes | | `customFields` | `string` | No | Custom fields as a JSON string (e.g. `'{"company":"Acme"}'`) | --- #### `manycontacts_contacts_delete` Permanently delete a contact from the CRM. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `phone` | `string` | **Yes** | Phone number of the contact to delete | --- #### `manycontacts_contacts_assign` Assign a contact to a specific team member. The assigned user will see this contact in their personal inbox. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `phone` | `string` | **Yes** | Phone number of the contact | | `userId` | `string` | **Yes** | User ID to assign the contact to (use `manycontacts_users_list` to get IDs) | --- #### `manycontacts_contacts_unassign` Remove the current user assignment from a contact. The contact returns to the general unassigned inbox. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `phone` | `string` | **Yes** | Phone number of the contact | --- #### `manycontacts_contacts_close` Close a WhatsApp conversation. Closed conversations are archived and won't appear in the active inbox. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `phone` | `string` | **Yes** | Phone number of the contact | --- #### `manycontacts_contacts_open` Reopen a previously closed WhatsApp conversation. The contact will appear again in the active inbox. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `phone` | `string` | **Yes** | Phone number of the contact | --- #### `manycontacts_contacts_tag_add` Add a tag to a contact. Use `manycontacts_tags_list` to get available tag IDs. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `phone` | `string` | **Yes** | Phone number of the contact | | `tagId` | `string` | **Yes** | Tag ID to add | --- #### `manycontacts_contacts_tag_remove` Remove a tag from a contact. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `phone` | `string` | **Yes** | Phone number of the contact | | `tagId` | `string` | **Yes** | Tag ID to remove | --- #### `manycontacts_contacts_team_add` Add a team to a contact. Use `manycontacts_teams_list` to get available team IDs. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `phone` | `string` | **Yes** | Phone number of the contact | | `teamId` | `string` | **Yes** | Team ID to add | --- #### `manycontacts_contacts_team_remove` Remove a team from a contact. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `phone` | `string` | **Yes** | Phone number of the contact | | `teamId` | `string` | **Yes** | Team ID to remove | --- #### `manycontacts_contacts_set_stage` Move a contact to a specific stage within a sales funnel/pipeline. Use `manycontacts_funnels_list` to get funnel and stage IDs. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `phone` | `string` | **Yes** | Phone number of the contact | | `funnel_id` | `string` | **Yes** | Funnel ID | | `stage_id` | `string` | **Yes** | Target stage ID within the funnel | --- #### `manycontacts_contacts_bulk` Perform bulk operations on multiple contacts at once. Supports closing, opening, assigning, tagging, and team assignment. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `action` | `"close"` \| `"open"` \| `"assign"` \| `"add_tag"` \| `"add_team"` | **Yes** | Bulk action to perform | | `phones` | `string` | **Yes** | Comma-separated phone numbers (e.g. `"34600000000,34600000001"`) | | `value` | `string` | No | Value required by the action: user ID for `assign`, tag ID for `add_tag`, team ID for `add_team`. Not needed for `close` or `open`. | --- ### Messaging #### `manycontacts_messages_list` List WhatsApp conversation messages for a contact. Returns messages in a conversation-friendly format with timestamps, status, and sender information. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `phone` | `string` | **Yes** | Phone number of the contact | | `page` | `number` | No | Page number (default: `1`) | | `limit` | `number` | No | Messages per page (default: `50`) | --- #### `manycontacts_messages_send_text` Send a WhatsApp text message to a contact. Only works within the 24-hour conversation window. Use `manycontacts_messages_send_template` to initiate conversations outside this window. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `phone` | `string` | **Yes** | Phone number to send the message to | | `body` | `string` | **Yes** | Message text content | --- #### `manycontacts_messages_send_note` Create an internal note on a contact's conversation. Notes are only visible to team members and are **not** sent to the WhatsApp contact. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `phone` | `string` | **Yes** | Phone number of the contact | | `body` | `string` | **Yes** | Internal note text | --- #### `manycontacts_messages_send_template` Send a WhatsApp Business template message. Templates are required to initiate conversations outside the 24-hour window or for bulk outbound messaging. Templates must be pre-approved by Meta. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `phone` | `string` | **Yes** | Phone number to send the template to | | `templateId` | `string` | **Yes** | Template ID (use `manycontacts_templates_list` to get IDs) | | `variables` | `string` | No | Template variables as a JSON array string (e.g. `'["John","20%"]'`) | --- ### Templates WhatsApp Business templates are pre-approved message formats required for outbound messaging outside the 24-hour conversation window. #### `manycontacts_templates_list` List all WhatsApp Business message templates. Shows template name, code, status, components, and media flags. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `status` | `"approved"` \| `"pending"` \| `"rejected"` | No | Filter templates by approval status | --- #### `manycontacts_templates_get` Get full details of a specific template including its components (header, body, footer, buttons), configuration, and media attachments. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `id` | `string` | **Yes** | Template ID | --- #### `manycontacts_templates_sync` Sync WhatsApp Business templates from Meta Cloud API. Fetches the latest templates from the connected WhatsApp Business account. Useful after creating or modifying templates in the Meta Business Manager. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | *(none)* | — | — | No parameters needed | --- ### Campaigns Campaigns allow bulk sending of WhatsApp template messages to a list of phone numbers at a scheduled time. #### `manycontacts_campaigns_list` List all WhatsApp Business bulk messaging campaigns with statistics (sent, delivered, read, and failed counts), template names, and scheduled dates. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | *(none)* | — | — | No parameters needed | --- #### `manycontacts_campaigns_create` Create a new WhatsApp Business bulk messaging campaign. The campaign will send a template message to the specified phone numbers at the scheduled time. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `name` | `string` | **Yes** | Campaign name | | `templateId` | `string` | **Yes** | WhatsApp template ID to use (must be `approved`) | | `phones` | `string` | **Yes** | Comma-separated phone numbers (e.g. `"34600000000,34600000001,34600000002"`) | | `date` | `string` | **Yes** | Scheduled send date in ISO format (e.g. `"2026-12-01T09:00:00"`) | | `variables` | `string` | No | Template variables as a JSON array string (e.g. `'["John","20%"]'`) | --- #### `manycontacts_campaigns_delete` Delete a WhatsApp Business campaign. Only pending (not yet sent) campaigns can be deleted. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `id` | `string` | **Yes** | Campaign ID to delete | --- ### Tags Tags are colored labels used to categorize and filter WhatsApp Business contacts (e.g. "VIP", "Support", "Lead"). #### `manycontacts_tags_list` List all available tags with their names, colors, and IDs. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | *(none)* | — | — | No parameters needed | --- #### `manycontacts_tags_create` Create a new tag for categorizing contacts. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `name` | `string` | **Yes** | Tag name | | `color` | `string` | No | Tag color as hex code (e.g. `"#ff0000"`). Defaults to `#fab1a0` | --- #### `manycontacts_tags_update` Update an existing tag's name or color. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `id` | `string` | **Yes** | Tag ID to update | | `name` | `string` | No | New tag name | | `color` | `string` | No | New tag color as hex code | --- #### `manycontacts_tags_delete` Delete a tag. The tag will be removed from all contacts that have it. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `id` | `string` | **Yes** | Tag ID to delete | --- ### Teams Teams group users together for assignment routing and contact organization. #### `manycontacts_teams_list` List all teams in the organization. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | *(none)* | — | — | No parameters needed | --- #### `manycontacts_teams_create` Create a new team. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `name` | `string` | **Yes** | Team name | --- #### `manycontacts_teams_add_member` Add a user to a team. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `teamId` | `string` | **Yes** | Team ID | | `userId` | `string` | **Yes** | User ID to add to the team | --- #### `manycontacts_teams_remove_member` Remove a user from a team. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `teamId` | `string` | **Yes** | Team ID | | `userId` | `string` | **Yes** | User ID to remove from the team | --- #### `manycontacts_teams_delete` Delete a team. Team members are not deleted, only the team grouping. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `id` | `string` | **Yes** | Team ID to delete | --- ### Sales Funnels / Pipelines Funnels allow you to track contacts through a multi-stage sales or support pipeline (e.g. "New Lead" -> "Qualified" -> "Proposal" -> "Won"). #### `manycontacts_funnels_list` List all sales funnels/pipelines with their stages. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | *(none)* | — | — | No parameters needed | --- #### `manycontacts_funnels_create` Create a new sales funnel/pipeline. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `name` | `string` | **Yes** | Funnel name | --- #### `manycontacts_funnels_add_stage` Add a new stage to an existing funnel. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `funnelId` | `string` | **Yes** | Funnel ID | | `name` | `string` | **Yes** | Stage name (e.g. "Qualified", "Proposal Sent") | | `order` | `number` | **Yes** | Stage position in the pipeline (0-based) | --- #### `manycontacts_funnels_update_stage` Update a stage's name within a funnel. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `funnelId` | `string` | **Yes** | Funnel ID | | `stageId` | `string` | **Yes** | Stage ID to update | | `name` | `string` | No | New stage name | --- #### `manycontacts_funnels_contacts` List contacts currently in a specific funnel, optionally filtered by stage. Returns paginated results. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `funnelId` | `string` | **Yes** | Funnel ID | | `stage_id` | `string` | No | Filter by specific stage ID | | `page` | `number` | No | Page number | | `limit` | `number` | No | Results per page | --- #### `manycontacts_funnels_delete` Delete a sales funnel/pipeline and all its stages. Contacts in the funnel are not deleted. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `id` | `string` | **Yes** | Funnel ID to delete | --- ### Users / Team Members Manage the team members who have access to the WhatsApp Business CRM. #### `manycontacts_users_list` List all team members/users in the organization with their roles and details. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | *(none)* | — | — | No parameters needed | --- #### `manycontacts_users_get` Get details of a specific team member. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `id` | `string` | **Yes** | User ID | --- #### `manycontacts_users_update` Update a team member's profile information. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `id` | `string` | **Yes** | User ID to update | | `name` | `string` | No | New user display name | --- #### `manycontacts_users_invite` Invite a new team member to the organization by email. They will receive an invitation email to join. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `email` | `string` | **Yes** | Email address to send the invitation to | --- #### `manycontacts_users_delete` Remove a team member from the organization. Their assigned contacts will become unassigned. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `id` | `string` | **Yes** | User ID to remove | --- ### AI Agents AI agents auto-respond to incoming WhatsApp messages using configurable instructions and scenarios. Only active agents are listed. #### `manycontacts_ai_agents_list` List all active AI auto-reply agents with their configuration. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | *(none)* | — | — | No parameters needed | --- #### `manycontacts_ai_agents_get` Get full details of a specific AI agent including its scenarios (conversation flows), instruction blocks, and configuration. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `id` | `string` | **Yes** | AI Agent ID (UUID) | --- #### `manycontacts_ai_agents_update` Update an AI agent's configuration. You can enable/disable the agent or modify its instruction blocks. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `id` | `string` | **Yes** | AI Agent ID (UUID) | | `active` | `boolean` | No | Enable (`true`) or disable (`false`) the agent | | `block_1` | `string` | No | Agent instructions — block 1 | | `block_2` | `string` | No | Agent instructions — block 2 | | `block_3` | `string` | No | Agent instructions — block 3 | --- #### `manycontacts_ai_agents_feedback` Get feedback and conversation logs for an AI agent. Shows how the agent has been responding and user satisfaction data. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `id` | `string` | **Yes** | AI Agent ID (UUID) | --- ## Environment Variables | Variable | Required | Description | |----------|----------|-------------| | `MC_CLI_TOKEN` | Yes* | ManyContacts CLI authentication token. Get one via `mc auth login`. | | `MC_API_URL` | No | API base URL (default: `https://api.manycontacts.com`) | > *If you've logged in via the CLI, the token is stored locally at `~/.manycontacts/config.json` and the MCP server reads it automatically. ## Authentication The MCP server authenticates using CLI tokens. Each token is scoped to an organization and has configurable permissions. ```bash # Login to get a token mc auth login --email user@example.com --password mypassword # The token is stored at ~/.manycontacts/config.json # Or set it explicitly via environment variable: export MC_CLI_TOKEN=your-token-here ``` ## Rate Limits - **Paying accounts:** 60 requests/minute - **Free/trial accounts:** 10 requests/minute When rate limited, the server returns a `429` error with a link to upgrade. ## License MIT

JSON report • History API • Manage this server • Global feed

EXECUTIVE VERDICT

Executive verdict

Production trust decision: Block for production

Reason: failing live status + score below evaluation threshold

Next action: revalidate, add safeguards, export policy

Status

Failing

Score

45.6

Transport

unknown

Tools

Current trust snapshot

Snapshot ID

trustsnap_9218b451ac49097c

Use this ID to compare server page, report, policy, MCP, homepage, ranking, and shortlist surfaces.

Snapshot generated

May 24, 2026 09:20:21 PM UTC

All page, report, policy, and MCP surfaces use this same server-detail snapshot shape.

Last validated

May 24, 2026 06:45:19 PM UTC

Age: 2.58h • freshness band: Verified in last 24h • display score: 45.62

Production trust decision

Block for production

failing live status + score below evaluation threshold

Readiness class

Needs remediation

Current validation evidence shows operational or discovery gaps that should be fixed first.

SERVER OWNER FUNNEL

Own this MCP?

Claim ownership, prove control with a GitHub, DNS, or HTTP token challenge, revalidate now, publish a badge, and configure monitoring.

1. Claim

unclaimed

Start owner claim with GitHub, DNS, or HTTP challenge instructions.

2. Revalidate

POST /v1/servers/manycontacts/whatsapp-mcp/revalidate

Verified owners get priority queueing after proof succeeds.

3. Badge

Verified by MCP Verify - score 45.6 - last checked May 24, 2026

4. Monitor

Pick plan + alerts

Continuous Verify plan is self-serve: choose a tier, configure watches, add authenticated validation, trigger revalidation, and use the badge.

Badge embed

[![Verified by MCP Verify](https://verify.sentinelsignal.io/badge/manycontacts/whatsapp-mcp.svg)](https://verify.sentinelsignal.io/servers/manycontacts/whatsapp-mcp)

MCP TrustOps

TrustOps turns this report into operational controls: freshness SLAs, authenticated validation, semantic benchmarks, policy exports, alert subscriptions, badges, cost/compliance metadata, and runtime routing. Fresh trusted index decisions stay separate from long-tail inventory so stale scores do not masquerade as current evidence.

Freshness band

Verified in last 24h

Policy SLA: 168.0h • confidence-weighted score: 35.4 • stale score suppressed: ✕

Policy exports

Export policy

Formats: json, rego, yaml, github_action, gateway_config, client_report

Runtime routing

/v1/decide

Returns allowed tools, blocked tools, approval requirement, and reason.

Hosted runtime

Verify Hosted MCP

Deploy trusted servers from GitHub with secrets, egress controls, releases, rollback, and audit events.

Authenticated validation

Premium publisher feature: paid authenticated runs verify scopes, write-action safeguards, and authorized tool execution.

Active trust badges

Freshly Validated Write-Safe No Critical Risk

Semantic benchmarks

available

Templates cover GitHub, database, healthcare, web search, and CRM least-privilege jobs.

Supply chain

metadata signal

Deep scan checks are marked separately from public metadata signals.

Compliance metadata

Terms, privacy, SOC 2, HIPAA, GDPR, retention, deletion, and audit-log fields are tracked as enterprise metadata.

Alert subscription types

Status changes Score drops or recovers Freshness SLA breach Validation schema drift OAuth or auth behavior changes Tool surface changes New or changed write tool Supply-chain signal changes Legal or compliance metadata changes

MCP Runtime hosting

Verify Hosted MCP turns a trusted server report into a managed remote MCP endpoint with GitHub deployment provenance, sandbox policy, encrypted secrets, release history, rollback, and audit/usage events.

Activation readiness

Trusted hosted runtimes require fresh validation, a passing server state, a remote endpoint, and a minimum score.

Minimum tier

TrustOps

Publisher claim plus paid TrustOps tier are required before secrets or releases can be created.

Hosted endpoint

/hosted/{namespace}/{name}/mcp

The endpoint enforces egress allowlists and records audit/usage events.

Blockers

score_below_hosting_threshold server_not_healthy_or_degraded remote_endpoint_missing latest_validation_not_passing

Deployment	Status	Endpoint	Release
No hosted runtime deployments yet.

Production readiness class

Needs remediation

Current validation evidence shows operational or discovery gaps that should be fixed first.

Critical alerts

Production verdicts degrade quickly when critical alerts are active.

Evidence confidence

Confidence score

77.5

Based on 10 recent validations, 26 captured checks, and validation age of 2.6 hours.

Live checks captured

More direct checks increase trust in the current verdict.

Validation age

2.6h

Lower age means fresher evidence.

Recommended for

No recommendation profile is available yet.

Client compatibility verdicts

Client compatibility only means the server shape can work with a client. Production trust decision and write-action publishing are evaluated separately so a client-compatible server can still be blocked for production.

Client compatibility: ChatGPT

Not client-compatible

Requires a streamable HTTP endpoint.; Requires a public remote MCP endpoint.; OpenAI connectors expect OAuth for remote server auth.; Dynamic client registration materially improves connector setup.; Initialize must be reachable.; tools/list must succeed.; OAuth interoperability should be strong.

Confidence: high (77.5)

Evidence provenance

Winner: live_validation

Supporting sources: live_validation, history, server_card

Disagreements: none

initialize • Missing
tools_list • Missing
transport_compliance_probe • Missing
step_up_auth_probe • Missing
connector_replay_probe • Missing — Frozen tool snapshots must survive refresh.
request_association_probe • Missing — Roots, sampling, and elicitation should stay request-scoped.

Client compatibility: Claude

Not client-compatible

Confidence: high (77.5)

Evidence provenance

Winner: live_validation

Supporting sources: live_validation, history, server_card

Disagreements: none

initialize • Missing
tools_list • Missing
transport_compliance_probe • Missing

Write-action publishing

Publishing allowed

Current write surface is bounded enough for cautious review with production policy controls.

Confidence: high (77.5)

Evidence provenance

Winner: live_validation

Supporting sources: live_validation, history

Disagreements: none

action_safety_probe • OK

Snapshot churn risk

Low

No material tool-surface churn detected in the latest comparison.

Confidence: high (77.5)

Evidence provenance

Winner: history

Supporting sources: history, live_validation

Disagreements: none

tool_snapshot_probe • Missing
connector_replay_probe • Missing

Why compatibility is limited by client

ChatGPT custom connector

Not client-compatible

Remediation checklist

Requires a streamable HTTP endpoint.
Requires a public remote MCP endpoint.
OpenAI connectors expect OAuth for remote server auth.
Dynamic client registration materially improves connector setup.
Initialize must be reachable.
tools/list must succeed.

Claude remote MCP

Not client-compatible

Remediation checklist

Requires a reachable remote MCP URL.
Initialize must succeed or cleanly request auth.
tools/list must succeed.
A useful Claude integration needs at least one exposed tool.
Claude remote wrappers expect HTTP/SSE transports.
search fetch only is not yet satisfied

Write-safe publishing

Ready

Remediation checklist

No explicit blockers recorded.

Verdict traces

Production verdict

Needs remediation

Current validation evidence shows operational or discovery gaps that should be fixed first.

Confidence: high (77.5)

Winning source: live_validation

Triggering alerts

server_failing • critical • Latest validation is failing

Client verdict trace table

Verdict	Status	Checks	Winning source	Conflicts
`openai_connectors`	Not client-compatible	initialize, tools_list, transport_compliance_probe, step_up_auth_probe, connector_replay_probe, request_association_probe	live_validation	none
`claude_desktop`	Not client-compatible	initialize, tools_list, transport_compliance_probe	live_validation	none
`unsafe_for_write_actions`	Publishing allowed	action_safety_probe	live_validation	none
`snapshot_churn_risk`	Low	tool_snapshot_probe, connector_replay_probe	history	none

Publishability policy profiles

ChatGPT custom connector compatibility

Compatible with review

Search Fetch Only: No
Write Actions Present: No
Oauth Configured: No
Admin Refresh Required: No
Safe For Company Knowledge: No
Safe For Messages Api Remote Mcp: No

Claude remote MCP compatibility

Compatible with review

Requires a reachable remote MCP URL.; Initialize must succeed or cleanly request auth.; tools/list must succeed.; A useful Claude integration needs at least one exposed tool.; Claude remote wrappers expect HTTP/SSE transports. Compatibility is not a production approval; company knowledge and Messages API gates remain separate.

Search Fetch Only: No
Write Actions Present: No
Oauth Configured: No
Admin Refresh Required: No
Safe For Company Knowledge: No
Safe For Messages Api Remote Mcp: No

Compatibility fixtures

ChatGPT custom connector fixture

Degraded

remote_http_endpoint: Likely to fail
oauth_discovery: Degraded
frozen_tool_snapshot_refresh: Passes
request_association: Passes

Anthropic remote MCP fixture

Degraded

remote_transport: Likely to fail
tool_discovery: Likely to fail
auth_connect: Likely to fail
safe_write_review: Passes

Authenticated validation sessions

Public validation is free. Authenticated validation is paid and proves scoped behavior, write-action safeguards, and authenticated tool execution.

Latest profile

remote_mcp

Authenticated session used

Public score isolation

✓

Preview endpoint

/v1/verify

CI preview endpoint

/v1/ci/preview

Public server reputation

Validation success 7d

0.0

Validation success 30d

0.0

Mean time to recover

n/a

Breaking diffs 30d

Registry drift frequency 30d

Snapshot changes 30d

Incident & change feed

Timestamp	Event	Details
May 24, 2026 06:45:19 PM UTC	Latest validation: failing	Score 45.6 with status failing.

Capabilities

OAuth: ✕
DCR/CIMD: ✕
Prompts: ✕
Homepage: https://www.npmjs.com/package/@manycontacts/mcp
Docs: none
Support: none
Icon: https://api.smithery.ai/servers/manycontacts/whatsapp-mcp/icon
Remote endpoint: none
Server card: none

Use-case taxonomy

development communication productivity web

Security posture

Tools analyzed

High-risk tools

Destructive tools

Exec tools

Egress tools

Secret tools

Bulk-access tools

Risk distribution

none

Tool capability & risk inventory

No tool inventory available from the latest validation run.

Write-action governance

Governance status

Safe to publish

✓

Auth boundary

public_or_unclear

Blast radius

Low

High-risk tools

Confirmation signals

none

Safeguard count

Status detail: No unsafe write-action governance gaps detected on the latest validation.

Tool	Risk	Flags	Safeguards
No high-risk tools were detected on the latest run.

Action-controls diff

Need at least two validation runs before diffing action controls.

Why this score?

Access & Protocol

13/44

Connectivity, auth, and transport expectations for common clients.

Interface Quality

13/56

How well the tool/resource interface communicates and behaves under automation.

Security Posture

23.5/36

How safely the exposed tool surface handles destructive actions, egress, execution, secrets, and risky inputs.

Reliability & Trust

16.67/24

Operational stability, consistency, and trustworthiness over time.

Discovery & Governance

21.25/28

How well the server is documented, listed, and governed in public registries.

Adoption & Market

2/8

Adoption clues and public evidence that the server is intended for external use.

Algorithmic score breakdown

Auth Operability

0/4

Measures whether auth discovery and protected access behave predictably for clients.

Error Contract Quality

0/4

Grades machine-readable error structure, status alignment, and remediation hints.

Rate-Limit Semantics

2/4

Checks whether quota/throttle responses are deterministic and automation-friendly.

Schema Completeness

0/4

Completeness of tool descriptions, parameter docs, examples, and schema shape.

Backward Compatibility

4/4

Stability score across tool schema/name drift relative to prior validations.

SLO Health

3/4

Availability, latency, and burst-failure profile across recent validation history.

Security Hygiene

1.5/4

HTTPS posture, endpoint hygiene, and response-surface hardening checks.

Task Success

1.7/4

Can an agent reliably initialize, enumerate tools, and execute core MCP flows?

Trust Confidence

2/4

Confidence-adjusted reliability score that penalizes low evidence volume.

Abuse/Noise Resilience

3/4

How well the server preserves core behavior in the presence of noisy traffic patterns.

Prompt Contract

2/4

Quality of prompt metadata, argument shape, and prompt discoverability for clients.

Resource Contract

2/4

How completely resources and resource templates describe URIs, types, and usage shape.

Discovery Metadata

3/4

Homepage, docs, icon, repository, support, and license coverage for directory consumers.

Registry Consistency

3/4

Agreement between stored registry metadata, live server-card data, and current validation output.

Installability

2/4

How cleanly a real client can connect, initialize, enumerate tools, and proceed through auth.

Session Semantics

0/4

Determinism and state behavior across repeated MCP calls, including sticky-session surprises.

Tool Surface Design

0/4

Naming clarity, schema ergonomics, and parameter complexity across the tool surface.

Result Shape Stability

0/4

Stability of declared output schemas across validations, with penalties for drift or missing shapes.

OAuth Interop

0/4

Depth and client compatibility of OAuth/OIDC metadata beyond the minimal protected-resource check.

Recovery Semantics

0/4

Whether failures include actionable machine-readable next steps such as retry or upgrade guidance.

Maintenance Signal

3.8/4

Versioning, update recency, and historical validation cadence that indicate active stewardship.

Adoption Signal

2/4

Directory presence and distribution clues that suggest the server is intended for external use.

Freshness Confidence

3/4

Confidence that recent validations are current enough and dense enough to trust operationally.

Transport Fidelity

0/4

Whether declared transport metadata matches the observed endpoint behavior and response formats.

Spec Recency

2/4

How close the server’s claimed MCP protocol version is to the latest known public revision.

Session Resume

0/4

Whether Streamable HTTP session identifiers and resumed requests behave cleanly for real clients.

Step-Up Auth

3/4

Whether OAuth metadata and WWW-Authenticate challenges support granular, incremental consent instead of broad upfront scopes.

Transport Compliance

1/4

Checks session headers, protocol-version enforcement, session teardown, and expired-session behavior.

Utility Coverage

2/4

Signals support for completions, pagination, and task-oriented utility surfaces that larger clients increasingly expect.

Advanced Capability Coverage

2/4

Coverage of newer MCP surfaces like roots, sampling, elicitation, structured output, and related metadata.

Connector Publishability

0/4

How ready the server looks for client catalogs and managed connector programs.

Tool Snapshot Churn

0/4

Stability of the tool surface across recent validations, including add/remove and output-shape drift.

Connector Replay

3/4

Whether a previously published frozen connector snapshot would remain backward compatible after the latest tool refresh.

Request Association

3/4

Whether roots, sampling, and elicitation appear tied to active client requests instead of arriving unsolicited on idle sessions.

Interactive Flow Safety

3/4

Whether prompts and docs steer users toward safe auth flows instead of pasting secrets directly.

Action Safety

3/4

Risk-weighted view of destructive, exec, egress, and confirmation semantics across the tool surface.

Official Registry Presence

3/4

Whether the server appears directly or indirectly in the official MCP registry.

Provenance Divergence

4/4

How closely official registry metadata, the live server card, and public repo/package signals agree with each other.

Safety Transparency

4/4

Clarity of docs, auth disclosure, support links, and other trust signals visible to integrators.

Tool Capability Clarity

0/4

How clearly the tool surface communicates whether each action reads, writes, deletes, executes, or exports data.

Destructive Operation Safety

3/4

Penalizes delete/revoke/destroy style tools unless auth and safeguards reduce blast radius.

Egress / SSRF Resilience

3/4

Assesses arbitrary URL fetch, crawl, webhook, and remote-request exposure on the tool surface.

Execution / Sandbox Safety

4/4

Evaluates shell, code, script, and command-execution exposure and whether that surface appears contained.

Data Exfiltration Resilience

3/4

Assesses export, dump, backup, and bulk-read behavior against the surrounding auth and safeguard signals.

Least Privilege Scope

2/4

Rewards scoped auth metadata and penalizes broad or missing scopes around privileged tools.

Secret Handling Hygiene

3/4

Assesses secret-bearing tools, token leakage risk, and whether the public surface avoids obvious secret exposure.

Supply Chain Signal

0.5/4

Public metadata signal for repository, changelog, license, versioning, and recency that supports supply-chain trust.

Input Sanitization Safety

0/4

Penalizes risky freeform string inputs when schemas do not constrain URLs, code, paths, queries, or templates.

Tool Namespace Clarity

0/4

Measures naming uniqueness and ambiguity across the tool namespace to reduce collision and confusion risk.

Compatibility profiles

OpenAI Connectors

22.2

blocked

Connector URL: https://example.com/mcp
# No OAuth metadata detected.
# Server: manycontacts/whatsapp-mcp

Claude Desktop

16.7

blocked

{
  "mcpServers": {
    "whatsapp-mcp": {
      "command": "npx",
      "args": ["mcp-remote", "https://example.com/mcp"]
    }
  }
}

Smithery

20.0

blocked

Requires a public remote MCP URL.; Tool discovery must succeed.; Initialize should work before execution.; Machine-readable failure semantics should be present.

smithery mcp add "https://example.com/mcp"

Generic Streamable HTTP

0.0

blocked

Requires an HTTP-native transport.; Requires a reachable remote MCP URL.; Initialize must succeed.; tools/list must succeed.; Transport behavior should match metadata.; Session behavior should be predictable.

curl -sS https://example.com/mcp -H 'content-type: application/json' -d '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2025-03-26","capabilities":{},"clientInfo":{"name":"mcp-verify","version":"0.1.0"}}}'

Actionable remediation

Severity	Remediation	Why it matters	Recommended action
Critical	Ensure tools/list succeeds consistently	Tools discovery is the minimum viable contract for most MCP clients and directories.	Make tools/list succeed unauthenticated when possible, or document the auth flow in the server card. Playbook Make `tools/list` deterministic across repeated calls. Document or relax auth requirements for discovery routes. Check that tool names, descriptions, and schemas remain stable across deploys.
Critical	Make initialize deterministic and client-friendly	If initialize fails or requires undocumented auth, many MCP clients cannot connect.	Allow initialize to succeed consistently, or return a deterministic auth-required response with clear metadata. Playbook Allow `initialize` to succeed unauthenticated when possible. If auth is required, return a deterministic auth-required response and matching metadata. Retest against `your remote MCP URL` from a clean client session.
Critical	Respond to latest validation is failing	Core MCP flows did not validate successfully on the latest run.	Fix the failing checks first, then revalidate to confirm the recovery path. Playbook Fix the failing checks first. Review the latest incident feed and validation diff for the first regression. Revalidate once the remediation lands.
High	Align session and protocol behavior with Streamable HTTP expectations	Clients increasingly rely on MCP-Protocol-Version, session teardown, and expired-session semantics.	Align MCP-Protocol-Version, MCP-Session-Id, DELETE teardown, and expired-session handling with the transport spec. Playbook Return `Mcp-Session-Id` and `Mcp-Protocol-Version` headers consistently on streamable HTTP responses. Honor `DELETE` session teardown and return `404` when a deleted session is reused. Reject invalid protocol-version headers with `400 Bad Request`.
High	Associate roots, sampling, and elicitation with active client requests	Modern MCP guidance expects roots, sampling, and elicitation traffic to be tied to an active client request instead of arriving unsolicited on idle sessions.	Inspect the latest validation evidence and resolve the client-visible regression. Playbook Inspect the latest validation evidence. Resolve the highest-severity client-facing gap first. Revalidate and confirm the score and verdict improve.
High	Expose /.well-known/oauth-protected-resource	Without a protected-resource document, OAuth clients cannot discover auth requirements reliably.	Serve /.well-known/oauth-protected-resource and point it at your authorization server metadata. Playbook Serve `/.well-known/oauth-protected-resource` from the same host as the MCP endpoint. Point it at the authorization server metadata URL. Confirm clients receive consistent auth hints before tool execution.
High	Keep connector refreshes backward compatible	Managed connector clients freeze tool snapshots, so removed tools, new required args, and breaking output changes can break published integrations after refresh.	Inspect the latest validation evidence and resolve the client-visible regression. Playbook Inspect the latest validation evidence. Resolve the highest-severity client-facing gap first. Revalidate and confirm the score and verdict improve.
High	Publish OAuth authorization-server metadata	Clients need authorization-server metadata to discover issuer, endpoints, and DCR support.	Publish /.well-known/oauth-authorization-server from your issuer and include registration_endpoint when supported. Playbook Publish `/.well-known/oauth-authorization-server` from the issuer. Add `registration_endpoint` if DCR is supported. Verify issuer, authorization, token, and jwks metadata are all reachable.
High	Publish a complete server card	Missing or incomplete server-card metadata weakens discovery, documentation, and trust signals.	Serve /.well-known/mcp/server-card.json and include tools, prompts/resources, homepage, and support links. Playbook Publish `/.well-known/mcp/server-card.json`. Include homepage, repository, support, tools, prompts/resources, and auth metadata. Revalidate the server after publishing the card.
High	Stop asking users to paste secrets directly	Public MCP servers should prefer OAuth or browser-based auth guidance over in-band secret collection.	Inspect the latest validation evidence and resolve the client-visible regression. Playbook Inspect the latest validation evidence. Resolve the highest-severity client-facing gap first. Revalidate and confirm the score and verdict improve.
Medium	Adopt a current MCP protocol revision	Older protocol revisions reduce compatibility with newer clients and registry programs.	Inspect the latest validation evidence and resolve the client-visible regression. Playbook Inspect the latest validation evidence. Resolve the highest-severity client-facing gap first. Revalidate and confirm the score and verdict improve.
Medium	Close connector-publishing gaps	Connector catalogs care about protocol recency, session behavior, auth clarity, and tool-surface stability.	Inspect the latest validation evidence and resolve the client-visible regression. Playbook Inspect the latest validation evidence. Resolve the highest-severity client-facing gap first. Revalidate and confirm the score and verdict improve.
Medium	Document minimal scopes and return cleaner auth challenges	Modern clients expect granular scopes and step-up auth signals such as WWW-Authenticate scope hints.	Return granular scopes and WWW-Authenticate challenge hints instead of forcing overly broad auth upfront. Playbook Advertise the narrowest viable scopes in OAuth metadata. Return `WWW-Authenticate` challenges with scope or insufficient-scope hints when additional consent is needed. Revalidate with both public discovery and auth-required flows.
Medium	Publish OpenID configuration	OIDC metadata improves token validation and client compatibility.	Expose /.well-known/openid-configuration with issuer, jwks_uri, and supported grants. Playbook Inspect the latest validation evidence. Resolve the highest-severity client-facing gap first. Revalidate and confirm the score and verdict improve.
Medium	Raise Access & Protocol score	Connectivity, auth, and transport expectations for common clients.	Tighten auth discovery, session behavior, and transport metadata until remote clients can connect without guesswork. Playbook Inspect the latest validation evidence. Resolve the highest-severity client-facing gap first. Revalidate and confirm the score and verdict improve.
Medium	Raise Adoption & Market score	Adoption clues and public evidence that the server is intended for external use.	Increase external documentation and directory coverage so users can discover and evaluate the server. Playbook Inspect the latest validation evidence. Resolve the highest-severity client-facing gap first. Revalidate and confirm the score and verdict improve.
Medium	Raise Interface Quality score	How well the tool/resource interface communicates and behaves under automation.	Improve schemas, error contracts, and recovery messages so agents can reason about the surface automatically. Playbook Inspect the latest validation evidence. Resolve the highest-severity client-facing gap first. Revalidate and confirm the score and verdict improve.
Medium	Reduce tool-surface churn	Frequent add/remove or output-shape drift makes published connectors and cached tool snapshots brittle.	Inspect the latest validation evidence and resolve the client-visible regression. Playbook Inspect the latest validation evidence. Resolve the highest-severity client-facing gap first. Revalidate and confirm the score and verdict improve.
Medium	Repair prompts/list or stop advertising prompts	Prompt metadata should either work live or be removed from the advertised capability set.	Only advertise prompts if prompts/list works and prompt arguments are documented. Playbook Only advertise prompts that are actually accessible. Add prompt descriptions and argument docs. Run a live `prompts/list` check after any prompt changes.
Medium	Repair resources/list or stop advertising resources	Resource metadata should either work live or be removed from the advertised capability set.	Only advertise resources if resources/list works and resources expose stable URIs/types. Playbook Only advertise resources with stable URIs and read semantics. Add MIME/type hints where possible. Run a live `resources/list` and `resources/read` check after updates.
Medium	Support resumable HTTP sessions cleanly	Modern MCP clients increasingly expect resumable session behavior on streamable HTTP transports.	Inspect the latest validation evidence and resolve the client-visible regression. Playbook Inspect the latest validation evidence. Resolve the highest-severity client-facing gap first. Revalidate and confirm the score and verdict improve.
Low	Expose modern utility surfaces like completions, pagination, or tasks	Utility coverage improves interoperability with larger clients and long-lived agent workflows.	Expose completions, pagination, and task metadata where supported so larger clients can plan and resume work safely. Playbook Advertise `completions`, pagination cursors, and `tasks` only when they are actually supported. Return `nextCursor` on large list operations when pagination is available. Document task support and whether it requires step-up auth.
Low	Harden generic GET handling	Simple probe requests should not surface server instability or noisy failures.	Harden generic GET handlers around the origin of your remote MCP URL so incidental traffic does not produce noisy failures. Playbook Inspect the latest validation evidence. Resolve the highest-severity client-facing gap first. Revalidate and confirm the score and verdict improve.
Low	Publish newer MCP capability signals	Roots, sampling, elicitation, structured outputs, and related metadata improve client understanding and ranking.	Inspect the latest validation evidence and resolve the client-visible regression. Playbook Inspect the latest validation evidence. Resolve the highest-severity client-facing gap first. Revalidate and confirm the score and verdict improve.
Low	Publish or reconcile the server in the official MCP registry	Official registry presence improves discovery confidence and cross-source consistency.	Inspect the latest validation evidence and resolve the client-visible regression. Playbook Inspect the latest validation evidence. Resolve the highest-severity client-facing gap first. Revalidate and confirm the score and verdict improve.

Point loss breakdown

Component	Current	Points missing
Transport Fidelity	0/4	-4.0
Tool Surface Design	0/4	-4.0
Tool Snapshot Churn	0/4	-4.0
Tool Namespace Clarity	0/4	-4.0
Tool Capability Clarity	0/4	-4.0
Session Semantics	0/4	-4.0
Session Resume	0/4	-4.0
Schema Completeness	0/4	-4.0
Result Shape Stability	0/4	-4.0
Recovery Semantics	0/4	-4.0
OAUTH Interop	0/4	-4.0
Input Sanitization Safety	0/4	-4.0

Validation diff

Score delta

Summary changed

Tool delta

Prompt delta

Auth mode changed

Write surface expanded

Protocol regressed

Registry drift changed

Regressed checks: connector_publishability_probe

Improved checks: action_safety_probe, provenance_divergence_probe

Component	Previous	Latest	Delta
No component deltas between the latest two runs.

Tool snapshot diff & changelog

Need at least two validation runs before building a tool changelog.

Connector replay

Status

Missing

Backward compatible

Would break after refresh

Added tools

none

Removed tools

none

Additive output changes

none

Required-argument replay breaks

Tool	Added required args	Removed required args
No required-argument replay breaks detected.

Output-schema replay breaks

Tool	Removed properties	Added properties
No output-schema replay breaks detected.

Transport compliance drilldown

Probe status

Missing

Transport

unknown

Session header

Protocol header

Bad protocol response

n/a

DELETE teardown

n/a

Expired session retry

n/a

Last-Event-ID visible

Issues: none

Request association

Status

Missing

Advertised capabilities

none

Observed idle methods

none

Violating methods

none

Probe HTTP status

n/a

Issues

none

Utility coverage

Probe status

Missing

Completions

not detected

Completion probe target: none

Pagination

not detected

No nextCursor evidence.

Tasks

Missing

Advertised: no

Benchmark tasks

Benchmark task	Status	Evidence
Discover tools	Likely to fail	`initialize` • Missing `tools_list` • Missing
Read-only fetch flow	Likely to fail	`resource_read` • Missing `read_only_tool_surface` • Missing
OAuth-required connect	Degraded	`oauth_protected_resource` • Missing `step_up_auth_probe` • Missing
Safe write flow with confirmation	Passes	`action_safety_probe` • OK

Registry & provenance divergence

Probe status

Direct official match

Drift fields

none

Field	Registry	Live server card
Title	n/a	n/a
Version	n/a	n/a
Homepage	n/a	n/a

Active alerts

Latest validation is failing (critical)
Core MCP flows did not validate successfully on the latest run.

Aliases & registry graph

Identifier	Source	Canonical	Score
`manycontacts/whatsapp-mcp`	smithery_registry	yes	45.62

Alias consolidation

Canonical identifier

manycontacts/whatsapp-mcp

Duplicate aliases

Registry sources

smithery_registry

Remote URLs

none

Homepages

https://www.npmjs.com/package/@manycontacts/mcp

Source disagreements

Field	What differs	Observed values
No source disagreements detected.

Install snippets

Openai Connectors

Connector URL: https://example.com/mcp
# No OAuth metadata detected.
# Server: manycontacts/whatsapp-mcp

Claude Desktop

{
  "mcpServers": {
    "whatsapp-mcp": {
      "command": "npx",
      "args": ["mcp-remote", "https://example.com/mcp"]
    }
  }
}

Smithery

smithery mcp add "https://example.com/mcp"

Generic Http

curl -sS https://example.com/mcp -H 'content-type: application/json' -d '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2025-03-26","capabilities":{},"clientInfo":{"name":"mcp-verify","version":"0.1.0"}}}'

Agent access & tool surface

Live server tools

No live tool surface captured yet.

Observed from the latest live validation against none. This is the target server surface, not Verify's own inspection tools.

Live capability counts

0 tools • 0 prompts • 0 resources

Counts come from the latest tools/list, prompts/list, and resources/list checks.

Inspect with Verify

search fetch search_servers recommend_servers get_server_report compare_servers

Use Verify itself to search, recommend, compare, and fetch the full report for manycontacts/whatsapp-mcp.

Direct machine links

JSON report • Compare this server • Verify MCP API

Claims & monitoring

Server ownership

No verified maintainer claim recorded.

Watch subscriptions

Teams: none

Alert routing

Active watches

Generic webhooks

Slack routes

Teams routes

Email routes

Watch	Team	Channels	Minimum severity
No active watch destinations.

Maintainer analytics

Validation Run Count

Average Latency Ms

17.13

Healthy Run Ratio Recent

0.0

Registry Presence Count

Active Alert Count

Watcher Count

Verified Claim

False

Taxonomy Tags

development, communication, productivity, web

Score Trend

45.62, 45.62, 45.62, 45.62, 45.62, 45.62, 45.62, 45.62, 45.62, 45.62

Remediation Count

High Risk Tool Count

Destructive Tool Count

Exec Tool Count

Maintainer response quality

Score

16.67

Verified claim

Support contact

Changelog present

Incident notes present

Tool changes documented

✓

Annotation history

Annotation count

Maintainer annotations

No maintainer annotations have been recorded yet.

Maintainer rebuttals & expected behavior

No maintainer rebuttals or expected-behavior overrides are recorded yet.

Latest validation evidence

Latest summary

Failing

Validation profile

remote_mcp

Started

May 24, 2026 06:45:19 PM UTC

Latency

18.5 ms

Failures

initialize no remote url
oauth_authorization_server no authorization server
oauth_protected_resource no remote url
openid_configuration no authorization server
probe_noise_resilience no remote url
server_card no server card url
tools_list no remote url

Checks

Check	Status	Latency	Evidence
`action_safety_probe`	OK	n/a	No high-risk write, destructive, or exec tools detected.
`advanced_capabilities_probe`	Missing	n/a	No advanced MCP capability signals detected.
`connector_publishability_probe`	Error	n/a	Publishability blockers: remote transport, initialize, tools list, protocol version, +4 more.
`connector_replay_probe`	Missing	n/a	No connector replay evidence recorded.
`determinism_probe`	Missing	n/a	no remote url
`initialize`	Missing	n/a	no remote url
`interactive_flow_probe`	Missing	n/a	Check completed
`oauth_authorization_server`	Missing	n/a	no authorization server
`oauth_protected_resource`	Missing	n/a	no remote url
`official_registry_probe`	Warning	n/a	Check completed
`openid_configuration`	Missing	n/a	no authorization server
`probe_noise_resilience`	Missing	n/a	no remote url
`prompt_get`	Missing	n/a	not advertised
`prompts_list`	Missing	n/a	no remote url
`protocol_version_probe`	Missing	n/a	No protocol version was advertised.
`provenance_divergence_probe`	OK	n/a	Check completed
`request_association_probe`	Missing	n/a	No request-association capabilities were advertised.
`resource_read`	Missing	n/a	not advertised
`resources_list`	Missing	n/a	no remote url
`server_card`	Missing	n/a	no server card url
`session_resume_probe`	Missing	n/a	no remote url
`step_up_auth_probe`	Missing	n/a	No OAuth or incremental-scope signals detected.
`tool_snapshot_probe`	Missing	n/a	no tools
`tools_list`	Missing	n/a	no remote url
`transport_compliance_probe`	Missing	n/a	Session header=no, protocol header=no, bad protocol=n/a.
`utility_coverage_probe`	Missing	n/a	No completions evidence; no pagination evidence; tasks missing.

Raw evidence view

Show raw JSON evidence

{
  "checks": {
    "action_safety_probe": {
      "details": {
        "auth_present": false,
        "confirmation_signals": [],
        "safeguard_count": 0,
        "summary": {
          "bulk_access_tools": 0,
          "capability_distribution": {},
          "destructive_tools": 0,
          "egress_tools": 0,
          "exec_tools": 0,
          "high_risk_tools": 0,
          "risk_distribution": {
            "critical": 0,
            "high": 0,
            "low": 0,
            "medium": 0
          },
          "secret_tools": 0,
          "tool_count": 0
        }
      },
      "latency_ms": null,
      "status": "ok"
    },
    "advanced_capabilities_probe": {
      "details": {
        "capabilities": {
          "completions": false,
          "elicitation": false,
          "prompts": false,
          "resource_links": false,
          "resources": false,
          "roots": false,
          "sampling": false,
          "structured_outputs": false
        },
        "enabled": [],
        "enabled_count": 0,
        "initialize_capability_keys": []
      },
      "latency_ms": null,
      "status": "missing"
    },
    "connector_publishability_probe": {
      "details": {
        "blockers": [
          "remote_transport",
          "initialize",
          "tools_list",
          "protocol_version",
          "transport_compliance",
          "server_card",
          "tool_surface",
          "auth_flow"
        ],
        "criteria": {
          "action_safety": true,
          "auth_flow": false,
          "connector_replay": true,
          "initialize": false,
          "protocol_version": false,
          "remote_transport": false,
          "request_association": true,
          "server_card": false,
          "session_resume": true,
          "step_up_auth": true,
          "tool_surface": false,
          "tools_list": false,
          "transport_compliance": false
        },
        "high_risk_tools": 0,
        "tool_count": 0,
        "transport": null
      },
      "latency_ms": null,
      "status": "error"
    },
    "connector_replay_probe": {
      "details": {
        "reason": "no_tools"
      },
      "latency_ms": null,
      "status": "missing"
    },
    "determinism_probe": {
      "details": {
        "reason": "no_remote_url"
      },
      "latency_ms": null,
      "status": "missing"
    },
    "initialize": {
      "details": {
        "reason": "no_remote_url"
      },
      "latency_ms": null,
      "status": "missing"
    },
    "interactive_flow_probe": {
      "details": {
        "oauth_supported": false,
        "prompt_available": false,
        "risk_hits": [],
        "safe_hits": []
      },
      "latency_ms": null,
      "status": "missing"
    },
    "oauth_authorization_server": {
      "details": {
        "reason": "no_authorization_server"
      },
      "latency_ms": null,
      "status": "missing"
    },
    "oauth_protected_resource": {
      "details": {
        "reason": "no_remote_url"
      },
      "latency_ms": null,
      "status": "missing"
    },
    "official_registry_probe": {
      "details": {
        "direct_match": false,
        "official_identifiers": [
          "ai.smithery/arjunkmrm-clock",
          "ai.smithery/keremurat-json",
          "ai.smithery/Pratiksha-Kanoja-magicslide-mcp-test",
          "io.github.martc03/cybersecurity-vuln",
          "io.github.martc03/federal-financial-intel",
          "io.github.lu-zhengda/mcp-python-exec-sandbox",
          "io.github.TheNextGenNexus/real-estate-mcp-server",
          "ai.smithery/BigVik193-reddit-ads-mcp-api",
          "io.github.gagandeeppra/mcp-observability-server",
          "io.github.martc03/competitive-intel"
        ],
        "official_peer_count": 10,
        "registry_source": "smithery_registry"
      },
      "latency_ms": null,
      "status": "warning"
    },
    "openid_configuration": {
      "details": {
        "reason": "no_authorization_server"
      },
      "latency_ms": null,
      "status": "missing"
    },
    "probe_noise_resilience": {
      "details": {
        "reason": "no_remote_url"
      },
      "latency_ms": null,
      "status": "missing"
    },
    "prompt_get": {
      "details": {
        "reason": "not_advertised"
      },
      "latency_ms": null,
      "status": "missing"
    },
    "prompts_list": {
      "details": {
        "reason": "no_remote_url"
      },
      "latency_ms": null,
      "status": "missing"
    },
    "protocol_version_probe": {
      "details": {
        "latest_known_version": "2025-11-25",
        "reason": "no_protocol_version",
        "validator_protocol_version": "2025-03-26"
      },
      "latency_ms": null,
      "status": "missing"
    },
    "provenance_divergence_probe": {
      "details": {
        "direct_official_match": false,
        "drift_fields": [],
        "metadata_document_count": 1,
        "registry_homepage": null,
        "registry_repository": null,
        "registry_title": null,
        "registry_version": null,
        "server_card_homepage": null,
        "server_card_repository": null,
        "server_card_title": null,
        "server_card_version": null
      },
      "latency_ms": null,
      "status": "ok"
    },
    "request_association_probe": {
      "details": {
        "reason": "no_request_association_capabilities_advertised"
      },
      "latency_ms": null,
      "status": "missing"
    },
    "resource_read": {
      "details": {
        "reason": "not_advertised"
      },
      "latency_ms": null,
      "status": "missing"
    },
    "resources_list": {
      "details": {
        "reason": "no_remote_url"
      },
      "latency_ms": null,
      "status": "missing"
    },
    "server_card": {
      "details": {
        "reason": "no_server_card_url"
      },
      "latency_ms": null,
      "status": "missing"
    },
    "session_resume_probe": {
      "details": {
        "reason": "no_remote_url"
      },
      "latency_ms": null,
      "status": "missing"
    },
    "step_up_auth_probe": {
      "details": {
        "auth_required_checks": [],
        "broad_scopes": [],
        "challenge_headers": [],
        "minimal_scope_documented": false,
        "oauth_present": false,
        "scope_specificity_ratio": 0.0,
        "step_up_signals": [],
        "supported_scopes": []
      },
      "latency_ms": null,
      "status": "missing"
    },
    "tool_snapshot_probe": {
      "details": {
        "reason": "no_tools"
      },
      "latency_ms": null,
      "status": "missing"
    },
    "tools_list": {
      "details": {
        "reason": "no_remote_url"
      },
      "latency_ms": null,
      "status": "missing"
    },
    "transport_compliance_probe": {
      "details": {
        "reason": "no_remote_url"
      },
      "latency_ms": null,
      "status": "missing"
    },
    "utility_coverage_probe": {
      "details": {
        "completions": {
          "advertised": false,
          "live_probe": "not_executed",
          "sample_target": null
        },
        "initialize_capability_keys": [],
        "pagination": {
          "metadata_signal": false,
          "next_cursor_methods": [],
          "supported": false
        },
        "tasks": {
          "advertised": false,
          "http_status": null,
          "probe_status": "missing"
        }
      },
      "latency_ms": null,
      "status": "missing"
    }
  },
  "failures": {
    "initialize": {
      "reason": "no_remote_url"
    },
    "oauth_authorization_server": {
      "reason": "no_authorization_server"
    },
    "oauth_protected_resource": {
      "reason": "no_remote_url"
    },
    "openid_configuration": {
      "reason": "no_authorization_server"
    },
    "probe_noise_resilience": {
      "reason": "no_remote_url"
    },
    "server_card": {
      "reason": "no_server_card_url"
    },
    "tools_list": {
      "reason": "no_remote_url"
    }
  },
  "remote_url": null,
  "server_card_payload": null,
  "server_identifier": "manycontacts/whatsapp-mcp"
}

Known versions

No versions recorded.

Validation history

7 day score delta

n/a

30 day score delta

n/a

Recent healthy ratio

Freshness

2.6h

Timestamp	Status	Score	Latency
May 24, 2026 06:45:19 PM UTC	Failing	45.6	18.5 ms
May 24, 2026 10:45:12 AM UTC	Failing	45.6	16.3 ms
May 24, 2026 02:44:39 AM UTC	Failing	45.6	15.7 ms
May 23, 2026 06:44:30 PM UTC	Failing	45.6	16.2 ms
May 23, 2026 10:42:00 AM UTC	Failing	45.6	16.8 ms
May 23, 2026 02:41:07 AM UTC	Failing	45.6	16.4 ms
May 22, 2026 06:39:58 PM UTC	Failing	45.6	26.2 ms
May 22, 2026 10:37:55 AM UTC	Failing	45.6	14.7 ms

Validation timeline

Validated	Summary	Score	Protocol	Auth mode	Changes
May 24, 2026 06:45:19 PM UTC	Failing	45.6	unknown	unknown	none
May 24, 2026 10:45:12 AM UTC	Failing	45.6	unknown	unknown	none
May 24, 2026 02:44:39 AM UTC	Failing	45.6	unknown	unknown	none
May 23, 2026 06:44:30 PM UTC	Failing	45.6	unknown	unknown	none
May 23, 2026 10:42:00 AM UTC	Failing	45.6	unknown	unknown	none
May 23, 2026 02:41:07 AM UTC	Failing	45.6	unknown	unknown	none
May 22, 2026 06:39:58 PM UTC	Failing	45.6	unknown	unknown	none
May 22, 2026 10:37:55 AM UTC	Failing	45.6	unknown	unknown	none
May 22, 2026 02:37:02 AM UTC	Failing	45.6	unknown	unknown	none
May 21, 2026 06:36:32 PM UTC	Failing	45.6	unknown	unknown	none

Recent validation runs

Started	Status	Summary	Latency	Checks
May 24, 2026 06:45:19 PM UTC	Completed	Failing	18.5 ms	action_safety_probe, advanced_capabilities_probe, connector_publishability_probe, connector_replay_probe, determinism_probe, initialize, interactive_flow_probe, oauth_authorization_server, oauth_protected_resource, official_registry_probe, openid_configuration, probe_noise_resilience, prompt_get, prompts_list, protocol_version_probe, provenance_divergence_probe, request_association_probe, resource_read, resources_list, server_card, session_resume_probe, step_up_auth_probe, tool_snapshot_probe, tools_list, transport_compliance_probe, utility_coverage_probe
May 24, 2026 10:45:12 AM UTC	Completed	Failing	16.3 ms
May 24, 2026 02:44:39 AM UTC	Completed	Failing	15.7 ms
May 23, 2026 06:44:29 PM UTC	Completed	Failing	16.2 ms
May 23, 2026 10:42:00 AM UTC	Completed	Failing	16.8 ms
May 23, 2026 02:41:07 AM UTC	Completed	Failing	16.4 ms
May 22, 2026 06:39:58 PM UTC	Completed	Failing	26.2 ms
May 22, 2026 10:37:55 AM UTC	Completed	Failing	14.7 ms
May 22, 2026 02:37:02 AM UTC	Completed	Failing	15.1 ms
May 21, 2026 06:36:32 PM UTC	Completed	Failing	15.4 ms