strava-mcp-server
Verified Safeby rousseya
Overview
Provides an MCP server to interact with Strava, offering activity retrieval, performance statistics, and activity management tools like renaming and e-bike detection.
Installation
uv run python app.pyEnvironment Variables
- STRAVA_CLIENT_ID
- STRAVA_CLIENT_SECRET
- STRAVA_ACCESS_TOKEN
- STRAVA_REFRESH_TOKEN
- SPACE_URL
- SECRET_KEY
- API_TOKEN
Security Notes
The `scripts/get_tokens.py` file hardcodes `CLIENT_ID` and `CLIENT_SECRET`. While these appear to be public example credentials often used in Strava API examples and not a leak of private keys, hardcoding credentials in source code is a significant security anti-pattern and should be avoided. The server's main application code (`app.py`, `strava_client.py`) correctly utilizes environment variables for all secrets. `TrustedHostMiddleware` in `app.py` is configured with `allowed_hosts=["*"]`, which is overly permissive for general production use but might be acceptable within a managed container environment like Hugging Face Spaces; for other deployments, it should be restricted. The optional `API_TOKEN` for bearer authentication to the MCP endpoint is a good security feature.
Similar Servers
hevy-mcp
This server acts as a Model Context Protocol (MCP) interface, enabling AI assistants to interact with the Hevy fitness tracking app's API to manage workout data, routines, exercise templates, folders, and webhook subscriptions.
pierre_mcp_server
Conversational AI fitness coaching and data analysis platform with provider integrations and user management.
stape-mcp-server
Implements an MCP server for the Stape platform, providing comprehensive tools for managing Stape resources such as containers, domains, analytics, schedules, billing, and various platform-specific configurations.
iracing-data-mcp-server
Provides an MCP server and CLI tool for accessing iRacing racing simulation data API for AI assistant integration and direct command-line use.