Strava Mcp Unofficial
strava-mcp-server
Local-first MCP server that connects AI agents to your Strava activities, routes, streams and training context.
Unofficial project. Not affiliated with, endorsed by or supported by Strava, Inc. Strava is a trademark of its respective owner. Use this only with your own Strava account and in line with Strava's API agreement.
Built by David Mosiah for people who use Claude, Cursor, Hermes, OpenClaw or other MCP-compatible agents to think about training, endurance and performance — without copy-pasting numbers from Strava.
Part of Delx Wellness, a registry of local-first wellness MCP connectors.
If this connector helps your agent workflow, please star the repo. Stars make the project easier for other AI builders to discover and help Delx keep shipping local-first wellness infrastructure.
Why this exists
Strava holds the long memory of your training — every ride, run, swim, segment, route and stream. But it lives behind an OAuth API with strict rate limits (200 req/15min, 2k/day per app) and GPS data that's privacy-sensitive by default.
This package does the OAuth dance locally, throttles under Strava's per-app limits, redacts GPS lat/lng unless you explicitly opt in, and exposes Strava through the Model Context Protocol. Any MCP-compatible agent gets your training context with one config snippet. Tokens never leave your machine.
Setup in 60 seconds
You'll need a Strava app (create one here) with redirect URI http://127.0.0.1:3000/callback.
npx -y strava-mcp-unofficial setup # interactive: paste client id + secret
npx -y strava-mcp-unofficial auth # opens browser, captures the OAuth code
npx -y strava-mcp-unofficial doctor # verifies you're ready
doctor should report these scopes as granted:
read activity:read_all profile:read_all
If only read is granted, re-run auth. Then add this to your MCP client config:
{
"mcpServers": {
"strava": {
"command": "npx",
"args": ["-y", "strava-mcp-unofficial"]
}
}
}
For Claude Desktop, run setup --client claude and the snippet is written for you.
Try it with your agent
Three things to ask first:
Use strava_connection_status to check setup, then run strava_daily_summary.
Tell me what my training context looks like in 5 lines.
Call strava_weekly_summary with response_format=json. Find my biggest
load/intensity bottleneck and give me a next-week endurance plan.
Use the strava_activity_stream_investigator prompt for activity_id=<id>.
Don't expose GPS unless I explicitly ask for it.
Data availability
This package uses the official Strava API v3. When this README says raw, it means the upstream Strava JSON for a supported endpoint — not continuous device telemetry.
| Data | Available | Notes |
|---|---|---|
| Activities (runs, rides, swims, walks, workouts) | ✓ | All recorded activities |
| Activity details + zones + splits | ✓ | HR, power, cadence, elevation, gear |
| Activity streams (HR / cadence / watts / altitude) | ✓ | Per-second samples for the activity |
| GPS lat/lng streams | opt-in | Hidden by default; requires include_gps=true or raw mode |
| Athlete profile + zones + aggregate stats | ✓ | Authenticated athlete |
| Routes + clubs + gear | ✓ | Route geometry redacted in summary/structured modes |
| Live device telemetry / continuous HR | — | Not exposed by Strava's public API |
Tools
Start with these:
strava_connection_status— verify local setup, scopes and readiness before calling Stravastrava_daily_summary— latest activity, weekly load and intensity context for todaystrava_weekly_summary— scorecard, comparison vs prior week, next-week training plan
Auth & diagnostics
strava_capabilities,strava_agent_manifest,strava_privacy_audit,strava_cache_statusstrava_get_auth_url,strava_exchange_code,strava_revoke_access
Athlete & training
strava_get_athlete,strava_get_zones,strava_get_athlete_stats
Activities & streams
strava_list_activities,strava_get_activity,strava_get_activity_zonesstrava_get_activity_streams— GPS lat/lng requiresinclude_gps=trueorrawmode
Routes & context
strava_list_routes,strava_get_route,strava_list_clubs,strava_get_gear
Prompts
strava_daily_training_director— practical daily training briefstrava_weekly_endurance_review— week comparison + next-week endurance planstrava_activity_stream_investigator— investigate one activity using streams (GPS-aware)
Each accepts timezone (IANA, default UTC).
Resources
strava://capabilities,strava://agent-manifeststrava://athletestrava://latest/activitystrava://summary/daily,strava://summary/weekly
Privacy & security
- OAuth tokens are stored in
~/.strava-mcp/tokens.jsonwith0600permissions and are never returned by tools. - Write/upload scopes are not requested by default — read-only by design.
- GPS lat/lng is removed in
summarymode, limited instructuredmode, and only included with explicitinclude_gps=trueorrawmode. - Route geometry is also redacted unless raw mode is explicitly requested.
- The MCP client never sees access or refresh tokens.
- This is not medical advice. The server exposes user-authorized data for personal AI workflows, not diagnosis or training prescription.
Configuration
setup writes most of these into ~/.strava-mcp/config.json (0600). Manual env override is supported:
STRAVA_CLIENT_ID=…
STRAVA_CLIENT_SECRET=…
STRAVA_REDIRECT_URI=http://127.0.0.1:3000/callback
# Optional
STRAVA_SCOPES="read activity:read_all profile:read_all"
STRAVA_PRIVACY_MODE=structured # summary | structured | raw
STRAVA_CACHE=sqlite # optional read-through cache
Hermes / remote setup
npx -y strava-mcp-unofficial setup --client hermes --no-auth
npx -y strava-mcp-unofficial auth # run locally if browser auth is needed
npx -y strava-mcp-unofficial doctor --client hermes
hermes mcp test strava
Hermes commonly exposes Strava tools with a prefix:
mcp_strava_strava_agent_manifestmcp_strava_strava_connection_statusmcp_strava_strava_daily_summarymcp_strava_strava_weekly_summarymcp_strava_strava_get_activity_streams
After Hermes config changes, use /reload-mcp or hermes mcp test strava. Don't restart the gateway for normal data access.
If browser OAuth has to happen on a different machine than Hermes, run auth locally and copy ~/.strava-mcp/tokens.json to the server with chmod 600. The token must include activity:read_all profile:read_all read for activity history and streams.
Requirements
- Node.js 20+
- A Strava app with redirect URI
http://127.0.0.1:3000/callback
Why these scopes:
read— public profile, routes and public Strava resourcesactivity:read_all— your activities, including private activities visible to your appprofile:read_all— fuller authenticated athlete profile fields
No write scope is requested by default.
Development
git clone https://github.com/davidmosiah/strava-mcp.git
cd strava-mcp
npm install
npm test
npm run build
Test with MCP Inspector:
npx @modelcontextprotocol/inspector node dist/index.js
Links
- npm: https://www.npmjs.com/package/strava-mcp-unofficial
- Docs site: https://wellness.delx.ai/connectors/strava
- Legacy docs: https://stravamcp.vercel.app/
- GitHub Pages mirror: https://davidmosiah.github.io/strava-mcp/
- Delx Wellness registry: https://github.com/davidmosiah/delx-wellness
- Connector quality standard: https://github.com/davidmosiah/delx-wellness/blob/main/docs/connector-quality-standard.md
- Strava API docs: https://developers.strava.com/docs/reference/
- Strava auth docs: https://developers.strava.com/docs/authentication/
License
MIT — see LICENSE.
Disclaimer
This software is provided as-is. It is not a medical device, does not provide medical advice, and should not be used for diagnosis, treatment or training prescription. Always consult qualified professionals for medical or training concerns.
Server Config
{
"mcpServers": {
"strava": {
"command": "npx",
"args": [
"-y",
"strava-mcp-unofficial"
]
}
}
}