Server data from the Official MCP Registry
WHOOP recovery, strain, sleep and workouts in Claude via official WHOOP OAuth. Free, open source.
WHOOP recovery, strain, sleep and workouts in Claude via official WHOOP OAuth. Free, open source.
Remote endpoints: streamable-http: https://missingmcp.com/whoop/mcp
MissingMCP is a well-architected OAuth 2.1 gateway with strong authentication, encryption, and token isolation mechanisms. Code quality is generally good with proper input validation and error handling. Minor concerns exist around logging of sensitive data in debug mode and token storage hashing patterns, but these do not materially impact the security posture for the intended use case (trusted small group of users). Permissions are appropriately scoped to the gateway's OAuth + worker-management purpose. Supply chain analysis found 5 known vulnerabilities in dependencies (0 critical, 3 high severity).
4 files analyzed · 10 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Set these up before or after installing:
Environment variable: GATEWAY_SECRET
Environment variable: PUBLIC_URL
Environment variable: PORT
Environment variable: DATA_DIR
Environment variable: DB_PATH
Environment variable: GARMIN_MCP_CMD
Environment variable: GARMIN_MCP_REF
Environment variable: WORKER_IDLE_TTL
Environment variable: WORKER_STARTUP_TIMEOUT
Environment variable: MAX_WORKERS
Environment variable: ACCESS_TOKEN_TTL_DAYS
Environment variable: OPERATOR_URL
Environment variable: WHOOP_API_BASE
Environment variable: BACKUP_S3_REGION
Environment variable: BACKUP_S3_URL_STYLE
Environment variable: BACKUP_INTERVAL_HOURS
Environment variable: GATEWAY_LOG_FILE
Environment variable: GATEWAY_LOG_LEVEL
Available as Local & Remote
This plugin can run on your machine or connect to a hosted endpoint. during install.
From the project's GitHub README.
The MCP servers exist. Connecting them shouldn't be complicated.
A multi-user, OAuth 2.1–protected gateway that hosts the connectors Claude is
missing, so a small trusted circle can connect their own accounts from any
Claude client (iOS, Android, Web, Desktop). The flagship connector is
Garmin Connect: the gateway wraps the
unmodified garmin_mcp worker and
adds OAuth, per-user token isolation, and a reverse proxy. WHOOP
is served the same way but in-process, on WHOOP's own official OAuth v2 API.
The core is adapter-based and supports three forward strategies — worker
(garmin), local (whoop, in-process, no subprocess), and remote (MCP +
header injection, for services with a hosted MCP that lacks its own OAuth) —
see Connectors. The reference deployment runs at
missingmcp.com.
Claude → POST /garmin/mcp (Bearer) → Gateway → 127.0.0.1:<port>/mcp (per-user garmin_mcp) → connect.garmin.com
garmin_mcp is a great MCP server, but it's single-user and stdio-only: each
person has to run it locally with their own Garmin tokens. This gateway makes it a
remote MCP server any Claude client can connect to over HTTP, with a proper
OAuth sign-in flow — so non-technical users just click "connect" and log in with
their Garmin credentials, and never touch a terminal or a token file.
GATEWAY_SECRET. Bearer tokens are stored only as SHA-256 hashes.garmin_mcp worker bound to
127.0.0.1, started on demand and reaped when idle.garmin_mcp worker pinned to a reviewed commit./ and as a friendly fallback for
unknown paths.Railway (how missingmcp.com runs): one service built from the Dockerfile,
a volume mounted at /data, a single replica (the gateway keeps process-local
state by design), and TLS terminated at the Railway edge. Set the env vars from
Configuration on the service; pushes to main deploy
automatically once the service is connected to the GitHub repo. An optional
Railway bucket enables Backups (railway bucket create backups,
then wire its credentials as the BACKUP_S3_* variables).
Self-hosted (plain Docker):
cp .env.example .env # set GATEWAY_SECRET, PUBLIC_URL, pin GARMIN_MCP_REF
docker build -t missingmcp .
docker run -d --name missingmcp --restart unless-stopped --env-file .env \
-p 127.0.0.1:8080:8080 -v missingmcp-data:/data missingmcp
Put any TLS-terminating proxy in front (Caddy, nginx, Traefik). One non-obvious
requirement: /<adapter>/mcp streams SSE, so disable response buffering and
raise the read timeout (nginx: proxy_buffering off; proxy_read_timeout 3600s;).
Then add https://<your-domain>/garmin/mcp as a remote MCP server in Claude.
uv pip install -e ".[dev]"
uv run --extra dev pytest -q # run the test suite
# Run the gateway locally (no Garmin account needed to exercise the OAuth surface).
# garmin-mcp isn't on PATH locally, so point GARMIN_MCP_CMD at uvx.
GATEWAY_SECRET="$(openssl rand -base64 48)" \
PUBLIC_URL=http://localhost:8088 PORT=8088 DATA_DIR=./.localdata \
GARMIN_MCP_CMD="uvx --python 3.12 --from git+https://github.com/Taxuspt/garmin_mcp garmin-mcp" \
uv run missingmcp
A .env file in the working directory is loaded automatically (real environment
variables take precedence), so you can drop the same values there instead.
Each connector is mounted under its own path prefix with its own OAuth flow and
its own Bearer tokens (there is no bare /mcp). The landing page on / lists
the available connectors.
/garmin/mcpSign in with your Garmin Connect email + password (MFA supported). The password
is used once for the Garmin login and discarded; only the resulting Garmin
session tokens are stored (AES-256-GCM encrypted). Each account gets its own
garmin_mcp worker process, bound to 127.0.0.1, started on demand and reaped
when idle.
/whoop/mcpSign in on WHOOP's own OAuth page — the gateway never sees your WHOOP password, only the resulting (encrypted, read-only) tokens. Covers recovery, sleep, strain & daily cycles, workouts, and body measurements. Served in-process on WHOOP's official v2 API (no worker subprocess, no shared upstream). Requires the operator to register a WHOOP developer app — see WHOOP connector setup in Configuration.
The gateway briefly served a Rohlík connector (remote strategy: credential
headers injected into the hosted Rohlík MCP). It was retired in 2026-07 when
Rohlík shipped its own OAuth-protected MCP — add
https://mcp.rohlik.cz/mcp directly as a custom connector in Claude and sign
in in the browser (Rohlík's guide).
The remote-forward strategy remains a first-class, tested part of the core
(tests/test_remote_forward.py) for the next service that needs it.
claude mcp add --transport http garmin https://<your-domain>/garmin/mcp
(whoop: claude mcp add --transport http whoop https://<your-domain>/whoop/mcp).Set via environment (or .env). See .env.example.
| Variable | Required | Default | Description |
|---|---|---|---|
GATEWAY_SECRET | yes | — | ≥32-char key for token encryption. Refuses to start with the placeholder. Generate with openssl rand -base64 48. |
PUBLIC_URL | yes | http://localhost:8080 | Public URL used in OAuth metadata + redirects. |
PORT | no | 8080 | Listen port. |
DATA_DIR | no | /data | Where the SQLite DB and per-user token dirs live. |
DB_PATH | no | $DATA_DIR/gateway.db | Override the DB path. |
GARMIN_MCP_CMD | no | garmin-mcp | Command to spawn the worker. Use a uvx … invocation when garmin-mcp isn't on PATH. |
GARMIN_MCP_REF | no | pinned SHA in Dockerfile | Docker build arg: commit of garmin_mcp to install. Bumping it is a deliberate, reviewed action — afterwards run python scripts/gen_garmin_tools.py to refresh the tool listing on the /garmin page. |
WORKER_PORT_START / WORKER_PORT_END | no | 9000 / 9099 | Port range for per-user workers. |
WORKER_IDLE_TTL | no | 900 | Seconds before an idle worker is reaped. |
WORKER_STARTUP_TIMEOUT | no | 20 | Seconds to wait for a worker to become healthy. |
MAX_WORKERS | no | 10 | Max concurrent per-user workers. |
ACCESS_TOKEN_TTL_DAYS | no | 90 | Bearer token lifetime; user re-authenticates after it. 0 disables expiry. |
OPERATOR_NAME / OPERATOR_EMAIL | no | — | Shown on the landing page. |
OPERATOR_URL | no | — | Homepage the operator name links to (footer, trust notes). Unset → plain text. |
WHOOP_CLIENT_ID / WHOOP_CLIENT_SECRET | no | — | Credentials of your WHOOP developer app (see WHOOP connector setup); both unset ⇒ the whoop connector is disabled. |
WHOOP_API_BASE | no | https://api.prod.whoop.com | WHOOP API origin; override only for testing. |
BACKUP_S3_ENDPOINT / BACKUP_S3_BUCKET / BACKUP_S3_ACCESS_KEY / BACKUP_S3_SECRET_KEY | no | — | S3-compatible bucket for off-box DB backups (see Backups). Backups are disabled unless all four are set. |
BACKUP_S3_REGION | no | auto | SigV4 region of the bucket. |
BACKUP_S3_URL_STYLE | no | virtual-host | virtual-host (Railway buckets) or path. |
BACKUP_INTERVAL_HOURS | no | 6 | Hours between backup uploads. First backup runs right after startup. |
GATEWAY_LOG_FILE | no | — | If set, tees structured + stdlib logs to this file. |
GATEWAY_LOG_LEVEL | no | info | debug|info|warning|error|critical. debug is verbose (logs garminconnect/urllib3 internals) — avoid in production. |
https://<your-domain>/whoop/oauth/callback — exact match required.read:recovery read:cycles read:workout read:sleep read:profile read:body_measurement offline
(offline is required — without it WHOOP issues no refresh token and sessions die after an hour).WHOOP_CLIENT_ID / WHOOP_CLIENT_SECRET.Note: an unapproved WHOOP app is limited to 10 WHOOP members. To lift the limit, submit the app for approval: https://developer.whoop.com/docs/developing/app-approval/ (requirements: API Terms of Use compliance, tested with ≥1 member, accurate app name / contact email / privacy-policy URL in the dashboard, brand-guidelines compliance, and their Typeform submission).
Operating obligations under the WHOOP API Terms of Use (the gateway's design already covers the technical ones — no WHOOP data stored, encrypted tokens, auto-purge of revoked accounts):
invalid_grant), deletes the stored tokens, and revokes the
member's gateway access tokens (log event whoop-account-revoked).When the BACKUP_S3_* variables are set, the gateway uploads a consistent
SQLite snapshot (via the SQLite backup API, WAL-safe) to the bucket right
after startup and then every BACKUP_INTERVAL_HOURS. Keys rotate by weekday
(db/gateway-mon.db … db/gateway-sun.db), giving seven days of retention
with no cleanup logic. Watch the backup-ok / backup-failed log events.
Only the DB is backed up — per-user token dirs under DATA_DIR/users/ are
re-materialized from the DB on demand.
The backup is useless without
GATEWAY_SECRET(account blobs stay AES-256-GCM encrypted inside it) — and that is the point. Keep a copy ofGATEWAY_SECRETsomewhere that is not the bucket and not Railway (e.g. your password manager). Losing the secret = losing every account.
Restore: download the newest object, put it at $DATA_DIR/gateway.db
(delete any stale gateway.db-wal/-shm next to it), set the same
GATEWAY_SECRET, start the gateway. Bearer tokens and logins survive;
workers respawn lazily.
Three helper scripts work directly on the gateway's DB (safe to run while the gateway is live):
python scripts/status.py # snapshot: accounts, their devices (token
# prefixes), usage summary, running workers
python scripts/revoke.py --list # accounts + token counts
python scripts/revoke.py --account [<adapter>:]<key> # kill-switch: revoke ALL the
# account's tokens (bare key = garmin)
python scripts/revoke.py --account <key> --purge # + delete stored account & usage
python scripts/revoke.py --device <hash-prefix> # revoke ONE device (prefix from status.py)
python scripts/usage.py # per-account tool usage + leaderboard
python scripts/usage.py --account [<adapter>:]<key> # one account's per-tool breakdown
python scripts/subscribers.py # newsletter signups + suggestions
python scripts/subscribers.py --emails # subscriber emails, one per line
With Docker the scripts are baked into the image at /app/scripts; run them
inside the container. status.py finds the DB under /data automatically:
docker exec missingmcp python /app/scripts/status.py
docker logs -f missingmcp # live structured-JSON events
On Railway run them over railway ssh; logs live in the Railway dashboard
(railway logs --service gateway for a live tail):
railway ssh --service gateway "python3 /app/scripts/status.py"
railway ssh --service gateway "python3 /app/scripts/revoke.py --account <email>"
All logging is structured JSON on stdout (one event per line) with a proper
level attribute — including uvicorn/stdlib records (event stdlib-log) and
each worker's own output (event worker-log, with an account attribute;
lines matching ERROR/Traceback are elevated to error severity). On Railway
that makes everything searchable in the log explorer — filter e.g.
@event:worker-log @account:<email> to trace one user's worker, or
@level:error for problems. Request latency is recorded per call in the
mcp-response event (ttfb_ms, total_ms, bytes, tool, account);
login/verify and worker-spawn events carry ms durations. The gateway also
logs a stats event (accounts / tokens / people-with-token / clients /
active-workers) on startup and whenever those counts change, and status.py
lists the running workers.
The gateway keeps its own DB tidy — no manual grooming needed. Alongside expiring old auth codes and access tokens, the background loop (roughly once a minute):
status.py's OAuth-client count tracks
the number of connected devices rather than growing with every failed attempt.
Revoking a device also leaves its client token-less, so it's swept the same way.Both are logged only when they actually delete something — cleanup-orphan-clients
(count) and cleanup-dead-adapter (adapter + per-table counts) — so a quiet
log means there was nothing to clean. The one-hour threshold is a fixed constant,
not an env var, by design.
garminconnect, stores only the resulting
tokens (encrypted), and discards the password./garmin/mcp call the gateway ensures the user's garmin_mcp worker is running
(its own tokens, bound to 127.0.0.1) and reverse-proxies to it.Adapters using the remote strategy replace steps 2 and 4 with a probe-verify against the upstream MCP and a direct header-injected forward — no worker.
Adapters using an upstream-OAuth login (whoop) replace step 2 with a redirect to the provider's own OAuth page; the provider calls back with tokens, which the gateway verifies and persists the same way (verify-then-persist is unchanged). Adapters using the local strategy (whoop) replace step 4: the request is handled in-process — no worker, no shared upstream — and the gateway refreshes the account's rotating WHOOP tokens itself as needed.
GATEWAY_SECRET.127.0.0.1 only; garmin_mcp is pinned to a reviewed commit.Deploy only on infrastructure you control and trust. Back up
DATA_DIR; keepGATEWAY_SECRETseparately.
GATEWAY_SECRET (openssl rand -base64 48) — the app
refuses to start with the placeholder from .env.example.GARMIN_MCP_REF to a reviewed commit SHA — main is a floating ref that
can change without notice (supply-chain).ACCESS_TOKEN_TTL_DAYS (default
90; the user just re-authenticates in Claude). To revoke sooner — a leaked token
or a removed user — run python scripts/revoke.py --account [<adapter>:]<email> (kill-switch
for all of that account's tokens). A single device can be revoked with --device <hash-prefix> (prefixes are shown by status.py).If this gateway is useful to you, you can buy me a beer 🍺.
MIT © 2026 Vaclav Slajs
Wraps the excellent garmin_mcp by Taxuspt,
unmodified. Garmin and Garmin Connect are trademarks of Garmin Ltd.; this project is
not affiliated with or endorsed by Garmin.
Be the first to review this server!
by Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
by Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
by mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.