hevy-mcp
Verified Safeby chrisdoc
Overview
The Model Context Protocol (MCP) server for the Hevy Fitness API enables AI assistants to access and manage workout data, routines, exercise templates, and more through the Hevy API.
Installation
HEVY_API_KEY=your_hevy_api_key_here npx -y hevy-mcpEnvironment Variables
- HEVY_API_KEY
Security Notes
The project fetches an OpenAPI specification from `api.hevyapp.com` during the `export-specs` build step, which involves parsing external JavaScript content. While `JSON.parse` is safer than `eval`, relying on external code always carries a risk if the source is compromised. The Sentry DSN is hardcoded in `src/index.ts`, which is not a critical vulnerability but generally configurable for server-side telemetry. Good security practices are observed for API key handling (via environment variables/CLI args) and webhook URL validation (ensuring HTTPS/HTTP and no loopback addresses).
Similar Servers
tmcp
Build Model Context Protocol (MCP) servers for AI agents to interact with external tools and data sources, enabling LLMs to access context and perform actions.
jentic-sdks
The Jentic MCP Plugin enables AI-agent builders to discover, load, and execute external APIs and workflows via the Model Configuration Protocol (MCP), generating LLM-compatible tool definitions.
pierre_mcp_server
A web dashboard and API for managing and monitoring fitness data from various providers (e.g., Strava, Fitbit), offering AI-powered analysis, multi-tenant capabilities, and real-time updates.
mcp-helm
Provides an MCP server for AI assistants to interact with Helm repositories and charts without requiring local Helm installation.