www.heista.co

Item: www.heista.co
Rating: 45
Author: wmcp.sh

https://www.heista.co/api/mcp/mcp

45/100 · MCP Trust Grade · checked 5h ago · MCP 2025-06-18

⚠ Rug-pull watch: this server's tool surface has changed 2× since baseline — last 6h ago. Continuously watched by wmcp.sh for drift & rug-pulls.

What it offers — 55 tools · Developer Tools

decode_ad

Decode a specific video ad URL into its full structural formula — beat-by-beat breakdown, hook classification, behavioral psychology stack, creative f

get_decode

Retrieve the full decode bundle for a previously-submitted ad, or poll the status of a running decode job. Takes a single job_id (UUID returned by dec

create_powersource_url

Build a complete creative intelligence profile of a brand from a single website URL. Takes a website URL (homepage, PDP, landing page) plus optional i

get_powersource

Retrieve the full creative intelligence profile for a previously-submitted PowerSource scan, or poll the status of a running scan. Takes a job_id (UUI

create_powersource_docs

Build a complete creative intelligence profile from internal brand documents — creative briefs, brand guidelines, product specs, customer research, co

create_powersource_full

Build the highest-fidelity creative intelligence profile by combining a brand's public website URL with their internal documents. Takes a required web

check_balance

Check the calling user's Heista API credit balance, month-to-date usage broken down by operation, lifetime spend, and the current pricing for every pa

get_hook_intelligence

Browse proven hook patterns from Heista's corpus of decoded winning Meta/TikTok ads. Takes optional filters: vertical (e.g. BEAUTY_SKINCARE, SUPPLEMEN

adformula_intelligence

Browse proven ad formula blueprints — structural patterns clustered from 3-10+ winning ads that independently converged on the same beat architecture

decoder_intelligence

Browse individual decoded ads from Heista's corpus of real winning Meta/TikTok creative. Takes optional filters: vertical, creative_format, marketing_

generate_adscript

Generate direct-response video ad scripts by fusing a proven structural source (decoded ad or formula) with a brand's PowerSource. Output is feed-nati

call_creative_worlds

Heista's creative direction engine — same engine the Creative Director specialist runs internally, exposed over MCP. ONE-SHOT: give a brief, get N fin

chat_with_creative_worlds

Multi-turn conversation with Heista's creative direction engine — a real chat where the agent decides each turn what to produce based on what you ask

list_brands

List every brand in this workspace. Use this BEFORE creating a PowerSource to avoid creating duplicate brand records (pass the matching brand_id to cr

get_brand

Get a brand's full canonical record — name, domain, voice (tone_of_voice), story, visual identity (logo, primary color, visual assets), and counts. Us

list_strategies

List all PowerSource strategies (scans) for a brand. A brand has many strategies — one per scanned URL. Product-page strategies carry product_name and

list_brand_assets

List images for a brand. Filter by PowerSource (this scan only, via powersource_id), by on-pack product_name (the vision tagger's read), by type (logo

add_brand_asset

Upload an image to a brand by URL. The pipeline downloads it, runs the vision tagger (classifies type, detects product name, flags is_primary_product)

+37 more tools

Spec conformance20%80

✓ initialize → protocolVersion 2025-06-18
✓ initialize HTTP 200
✗ unknown method → -32001
✓ tools/list → 55 tools
✓ every tool has name + inputSchema

Security (OWASP MCP)30%15

55 tools scanned
1 injection-markup hits
no secret-path refs

Reliability / performance20%84

single-probe latency 1168ms (PRELIMINARY — continuous uptime/p95 from proxy telemetry lands in v2)

Tool hygiene15%79

98% of tools have typed inputSchema
0/55 declare outputSchema
no unannotated destructive tools

Transparency / provenance15%90

HTTPS ✓
RFC 9728 oauth-protected-resource metadata ✓
advertises protocol 2025-06-18

Observed behavior

No proxied traffic observed for this host yet. Connect it at /connect and its grade gains a measured Reliability score + per-tool behavioral evidence — the half a static scan can't produce.

Findings

FAILMCP01 Tool "list_creative_director_playbook_presets" description contains prompt-injection / hidden-instruction markup.

Grade another server

We re-grade www.heista.co on a schedule and alert your Slack/webhook the moment its tools change or its grade drops — rug-pull insurance for the connection.

Share this report card

A 1200×630 card with the grade + audit — drop it in a post, Slack, or your repo.

MCP Trust report card — www.heista.co grade F

Share on X Open card image

https://wmcp.sh/mcp/grade/www.heista.co

Embed this grade

A live badge — it re-verifies itself and shows current stability. Static scorecards can't. Paste it in your README or site to show users you're independently audited.

Markdown (for your README)

[![MCP Trust Grade F](https://wmcp.sh/mcp/grade/www.heista.co/badge.svg)](https://wmcp.sh/mcp/grade/www.heista.co)

HTML

<a href="https://wmcp.sh/mcp/grade/www.heista.co"><img src="https://wmcp.sh/mcp/grade/www.heista.co/badge.svg" alt="MCP Trust Grade F · wmcp.sh"></a>

Agents: check this before connecting

Add the wmcp.sh trust oracle as an MCP server and call grade_mcp_server / check_mcp_drift in your agent's pre-connection gate:

https://wmcp.sh/mcp/trust

How this grade is computed. An open, independent rubric — Spec conformance (20%), Security mapped to the OWASP MCP Top 10 (30%), Reliability (20%), Tool hygiene (15%), Transparency (15%) — run by connecting to the server and inspecting its real MCP surface. The grade is free and identical whether or not the operator pays. v1 uses static + spec signals from a single connection; continuous uptime, real latency, and annotation-truthing (declared readOnly vs observed behavior) layer on via the wmcp.sh proxy.