Strava MCP Server

25 tools. 6 can modify or destroy data without limits.

6 write tools that can modify data. Rate limits recommended.

Last updated:

6 can modify or destroy data
19 read-only
25 tools total

Community server · catalogue entry verified 30/06/2026

How to control Strava MCP Server ↓

What Strava MCP Server exposes to your agents

Read (19) Write / Execute (6) Destructive / Financial (0)
High Risk

The most dangerous Strava MCP Server tools

6 of Strava MCP Server's 25 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Strava MCP Server

PolicyLayer is an MCP gateway — it sits between your AI agents and Strava MCP Server, and nothing reaches the server without passing your rules. These are the rules we recommend:

Rate limit write operations
{
  "disconnect-strava": {
    "limits": [
      {
        "counter": "disconnect-strava_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "check-strava-connection": {
    "limits": [
      {
        "counter": "check-strava-connection_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Strava MCP Server — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON STRAVA →

Instant setup, no code required.

All 25 Strava MCP Server tools

READ 19 tools
Read check-strava-connection Check if Strava is connected and show the current connection status. Use this when the user asks about their c Read explore-segments Returns popular segments within a bounding box (south_west_lat,south_west_lng,north_east_lat,north_east_lng), Read find-nearby-routes Returns the athlete Read get-activity-details Returns detailed metrics for an activity — distance, time, elevation, pace, heart rate, cadence, power, and ef Read get-activity-streams Returns time-series data streams (heart rate, power, GPS, pace, elevation) for an activity at configurable res Read get-all-activities Fetches activity history with optional filtering by date range and activity type. Set summaryMode=true to get Read get-athlete-profile Fetches the profile information for the authenticated athlete, including their unique numeric ID needed for ot Read get-athlete-shoes Fetches the authenticated athlete Read get-athlete-stats Returns recent, year-to-date, and all-time activity totals (distance, elevation, time) for rides, runs, and sw Read get-recent-activities Fetches the most recent activities for the authenticated athlete. Read get-route Fetches detailed information about a specific route using its ID. Read get-segment Returns detailed information about a segment — location, distance, grade, elevation, and effort/athlete counts Read get-segment-effort Returns timing, power, and heart rate data for a specific segment effort. Read get-segment-leaderboard Retrieves the leaderboard for a specific Strava segment. Shows top performances with times, Read get-server-version Returns the Strava MCP server version and related metadata. Read list-athlete-clubs Lists the clubs the authenticated athlete is a member of. Read list-athlete-routes Lists the routes created by the authenticated athlete, with pagination. Read list-segment-efforts Returns the authenticated athlete Read list-starred-segments Lists the segments starred by the authenticated athlete.

Questions about Strava MCP Server

How do I prevent bulk modifications through Strava MCP Server? +

The Strava MCP Server server has 5 write tools including disconnect-strava, export-route-gpx, export-route-tcx. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Strava MCP Server.

How many tools does the Strava MCP Server MCP server expose? +

25 tools across 2 categories: Read, Write. 19 are read-only. 6 can modify, create, or delete data.

How do I enforce a policy on Strava MCP Server? +

Register the Strava MCP Server MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Strava MCP Server tool call.

Deterministic rules across all 25 Strava MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

25 Strava MCP Server tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.