Strava

24 tools. 4 can modify or destroy data without limits.

4 write tools that can modify data. Rate limits recommended.

4 can modify or destroy data
20 read-only
24 tools total

Community server · catalogue entry verified 26/06/2026

What Strava exposes to your agents

Read (20) Write / Execute (4) Destructive / Financial (0)
High Risk

The most dangerous Strava tools

4 of Strava's 24 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Strava

PolicyLayer is an MCP gateway — it sits between your AI agents and Strava, and nothing reaches the server without passing your rules. These are the rules we recommend:

Rate limit write operations
{
  "star-segment": {
    "limits": [
      {
        "counter": "star-segment_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "check-strava-connection": {
    "limits": [
      {
        "counter": "check-strava-connection_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Strava — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.

Instant setup, no code required.

All 24 Strava tools

READ 20 tools
Read check-strava-connection Check if Strava is connected and show the current connection status. Use this when the user asks about their c
Read explore-segments Searches for popular segments within a given geographical area.
Read format-workout-file Formats a workout plan into a structured file format (currently supports Zwift .zwo)
Read get-activity-details Fetches detailed information about a specific activity using its ID.
Read get-activity-streams Retrieves detailed time-series data streams from a Strava activity. Perfect for analyzing workout metrics,
Read get-all-activities Fetches complete activity history with optional filtering by date range and activity type. Supports pagination
Read get-athlete-profile Fetches the profile information for the authenticated athlete, including their unique numeric ID needed for ot
Read get-athlete-shoes Fetches the authenticated athlete
Read get-athlete-stats Fetches the activity statistics (recent, YTD, all-time) for a specific athlete using their ID. Requires the at
Read get-recent-activities Fetches the most recent activities for the authenticated athlete.
Read get-route Fetches detailed information about a specific route using its ID.
Read get-segment Fetches detailed information about a specific segment using its ID.
Read get-segment-effort Fetches detailed information about a specific segment effort using its ID.
Read get-segment-leaderboard Retrieves the leaderboard for a specific Strava segment. Shows top performances with times,
Read get-server-version Returns the Strava MCP server version and related metadata.
Read list-athlete-clubs Lists the clubs the authenticated athlete is a member of.
Read list-athlete-routes Lists the routes created by the authenticated athlete, with pagination.
Read list-segment-efforts Lists the authenticated athlete
Read list-starred-segments Lists the segments starred by the authenticated athlete.
Read export-route-tcx Exports a specific Strava route in TCX format and saves it to a pre-configured local directory.

Questions about Strava

How do I prevent bulk modifications through Strava?

The Strava server has 3 write tools including star-segment, disconnect-strava, export-route-gpx. Set a rate limit in your policy: for example, a limit of 10 calls per hour stops an agent from making more than 10 modifications in any hour. PolicyLayer enforces this at the gateway, before calls reach Strava.

How many tools does the Strava MCP server expose?

24 tools across 2 categories: Read, Write. 20 are read-only. 4 can modify, create, or delete data.

How do I enforce a policy on Strava?

Register the Strava MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Strava tool call.

Deterministic rules across all 24 Strava tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

24 Strava tools catalogued and risk-classified — across an index of 43,000+ MCP servers.
