StravaMCP
Verified Safe
by Stealinglight
Overview
A remote Model Context Protocol (MCP) server that enables AI assistants like Claude and ChatGPT to interact with a user's Strava data.
Installation
bun run dev
Environment Variables
- STRAVA_CLIENT_ID
- STRAVA_CLIENT_SECRET
- STRAVA_REFRESH_TOKEN
- AUTH_TOKEN
Security Notes
No 'eval' or code obfuscation found. Hardcoded secrets are avoided by loading all sensitive data (Strava API credentials, AUTH_TOKEN) from environment variables. All tool inputs are validated using Zod schemas, mitigating injection risks. Access to the Lambda function URL is secured by a Bearer token authentication middleware that validates against an `AUTH_TOKEN` environment variable. While a broad CORS policy (`AllowOrigins: '*'`) is configured, access remains protected by the required `AUTH_TOKEN`. The `StravaClient` handles OAuth 2.0 token refreshing securely and automatically.
Similar Servers
spotify-mcp-server
Enables AI assistants to control Spotify playback and manage playlists via the Model Context Protocol (MCP).
hevy-mcp
This server acts as a Model Context Protocol (MCP) interface, enabling AI assistants to interact with the Hevy fitness tracking app's API to manage workout data, routines, exercise templates, folders, and webhook subscriptions.
pierre_mcp_server
Conversational AI fitness coaching and data analysis platform with provider integrations and user management.
arvo-mcp
Connects AI assistants to Arvo's AI fitness coach to access and manage workout data, personal records, and training plans via the Model Context Protocol.