by chrisdoc
Manage your Hevy workouts, routines, folders, and exercise templates. Create and update sessions faster, organize plans, and search exercises to build workouts quickly. Stay synced with changes so your training log is always up to date.
# Add to your Claude Code skills
git clone https://github.com/chrisdoc/hevy-mcpGuides for using mcp servers skills like hevy-mcp.
Last scanned: 5/30/2026
{
"issues": [
{
"type": "npm-audit",
"message": "@kubb/cli: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@kubb/core: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@kubb/oas: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@kubb/plugin-client: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@kubb/plugin-faker: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@kubb/plugin-oas: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@kubb/plugin-ts: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@kubb/plugin-zod: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@kubb/react-fabric: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "brace-expansion: brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "express-rate-limit: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "ip-address: ip-address has XSS in Address6 HTML-emitting methods",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "picomatch: Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"severity": "high"
},
{
"type": "npm-audit",
"message": "ws: ws: Uninitialized memory disclosure",
"severity": "medium"
}
],
"status": "WARNING",
"scannedAt": "2026-05-30T15:20:52.259Z",
"npmAuditRan": true,
"pipAuditRan": true
}hevy-mcp is an open-source mcp servers skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by chrisdoc. Manage your Hevy workouts, routines, folders, and exercise templates. Create and update sessions faster, organize plans, and search exercises to build workouts quickly. Stay synced with changes so your training log is always up to date. It has 315 GitHub stars.
hevy-mcp returned warnings in SkillsLLM's automated security scan. It has no critical vulnerabilities, but review the flagged issues in the Security Report section before adding it to your workflow.
Clone the repository with "git clone https://github.com/chrisdoc/hevy-mcp" and add it to your Claude Code skills directory (see the Installation section above).
hevy-mcp is primarily written in TypeScript. It is open-source under chrisdoc on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other MCP Servers skills you can browse and compare side by side. Open the MCP Servers category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh hevy-mcp against similar tools.
No comments yet. Be the first to share your thoughts!
Top skills in this category by stars
Requires a passing catalog security scan. Resolve the flagged issues and resubmit to enable featuring.
A Model Context Protocol (MCP) server implementation that interfaces with the Hevy fitness tracking app and its API. This server enables AI assistants like Claude Desktop and Cursor to access and manage workout data, routines, and exercise templates through the Hevy API (requires PRO subscription).
Pick the workflow that fits your setup:
| Scenario | Command | Requirements |
|---|---|---|
| One-off stdio run | HEVY_API_KEY=your_key npx -y hevy-mcp or HEVY_API_KEY=your_key bunx hevy-mcp@latest |
Node.js ≥ 20, Hevy API key |
| Docker stdio run | docker run -i --rm -e HEVY_API_KEY ghcr.io/chrisdoc/hevy-mcp:latest |
Docker, Hevy API key |
| Local development | npm install && npm run build && npm start |
.env with HEVY_API_KEY |
.nvmrc).bunx.You can launch the server directly without cloning. Both launchers are covered by nightly smoke tests:
# npm launcher
HEVY_API_KEY=your_hevy_api_key_here npx -y hevy-mcp
# bun launcher
HEVY_API_KEY=your_hevy_api_key_here bunx hevy-mcp@latest
# Clone the repository
git clone https://github.com/chrisdoc/hevy-mcp.git
cd hevy-mcp
# Install dependencies
npm install
# Create .env and add your keys
cp .env.sample .env
# Edit .env and add your HEVY_API_KEY
Official multi-platform images are published to GitHub Container Registry for
linux/amd64 and linux/arm64:
export HEVY_API_KEY=your_hevy_api_key_here
docker run -i --rm -e HEVY_API_KEY ghcr.io/chrisdoc/hevy-mcp:latest
The server uses stdio, so -i keeps standard input open for the MCP client.
--rm removes the stopped container automatically. The -e HEVY_API_KEY
form forwards the variable from the host environment without putting the key
in the command arguments.
Use latest to follow the newest stable release. For reproducible deployments,
pin the exact version shown on the release, using a tag such as
ghcr.io/chrisdoc/hevy-mcp:X.Y.Z. Major (:X) and major.minor (:X.Y) tags
are also published for controlled automatic updates.
To use this server with Claude Desktop, add the following to your claude_desktop_config.json:
macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json
{
"mcpServers": {
"hevy-mcp": {
"command": "npx",
"args": ["-y", "hevy-mcp"],
"env": {
"HEVY_API_KEY": "sk_live_your_key_here"
}
}
}
}
If you prefer Bun, swap the launcher fields:
{
"command": "bunx",
"args": ["hevy-mcp@latest"]
}
To run Claude Desktop through Docker instead, first create an environment file outside the repository containing your real key:
HEVY_API_KEY=replace_with_your_real_key
Restrict access to that file where supported (for example,
chmod 600 /absolute/path/to/hevy-mcp.env), then use its absolute path in the
Claude Desktop configuration:
{
"mcpServers": {
"hevy-mcp": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"--env-file",
"/absolute/path/to/hevy-mcp.env",
"ghcr.io/chrisdoc/hevy-mcp:latest"
]
}
}
}
This configuration runs the same stdio server inside the container; it does
not expose an HTTP port or start a detached service. Docker reads the key from
the environment file, so the Claude configuration does not replace an
inherited key with a placeholder. Replace latest with an exact version tag if
you want Claude Desktop to stay on a pinned release.
Add this server under "mcpServers" in ~/.cursor/mcp.json:
{
"mcpServers": {
"hevy-mcp": {
"command": "npx",
"args": ["-y", "hevy-mcp"],
"env": {
"HEVY_API_KEY": "your-api-key-here"
}
}
}
}
If you prefer Bun, swap the launcher fields:
{
"command": "bunx",
"args": ["hevy-mcp@latest"]
}
For a generic setup flow across MCP clients, use add-mcp:
npx add-mcp hevy-mcp --env "HEVY_API_KEY=secret"
This bootstraps the hevy-mcp entry in your client config without manual JSON edits.
oxlint/oxfmt) for near-instant linting and formatting.Supply your Hevy API key via the HEVY_API_KEY environment variable (in
.env or system environment).
⚠️ CLI API key arguments (
--hevy-api-key=...,--hevyApiKey=...,hevy-api-key=...) are still accepted for backward compatibility, but are deprecated and insecure. UseHEVY_API_KEYinstead.
Set HEVY_MCP_API_TIMEOUT to override the default 30-second Hevy API request
timeout. Its value is in milliseconds.
Set HEVY_MCP_DEBUG=1 to emit verbose, privacy-bounded diagnostics to stderr.
Debug records include tool invocations and sanitized Hevy API response timing
and status details. Other values leave diagnostics disabled, and stdout remains
reserved for the MCP JSON-RPC stream.
# Example .env
HEVY_API_KEY=your_hevy_api_key_here
# Optional: customize Hevy API request timeout (milliseconds)
HEVY_MCP_API_TIMEOUT=30000
# Optional: enable verbose stderr diagnostics (only the value 1 enables it)
HEVY_MCP_DEBUG=1
search-exercise-templates and the hevy://exercise-templates resource use a
shared in-memory async cache for the full exercise template catalog:
refresh: true in the tool input to invalidate the
cached catalog and force a re-fetch from the Hevy API.Paginated get-exercise-templates requests still call the API directly to keep
paging behavior explicit and avoid cross-page invalidation complexity.
hevy-mcp includes Sentry monitoring to observe errors and usage in production. It initializes @sentry/node with tracing enabled and PII collection disabled by default. Recent observability changes also add:
HEVY_API_KEY, so the raw key is never sent to SentryAs of v1.18.0, hevy-mcp removed HTTP/SSE transport and its previous
Docker packaging. Docker support is now available again for the stdio server.
Both npx hevy-mcp and the official container image use stdio; HTTP ports and
detached-container deployment are not supported.
| Category | Tools |
|---|---|
| Workouts | get-workouts, get-workout, create-workout, `up |