{"attribution":"MCP Queen — the evidence layer for MCP (https://mcpqueen.com)","license":"CC BY 4.0 — free to use with attribution and a link to mcpqueen.com","methodology":"https://mcpqueen.com/registry#methodology","docs":"https://mcpqueen.com/api","generated_at":"2026-07-17T09:44:40.888Z","server":{"name":"io.github.fmp-projects/fitness-ai-connector","title":"Fitness AI Connector","description":"Garmin data in Claude & ChatGPT via the Garmin Health API. OAuth sign-in, no password sharing.","version":"2.0.0","remote_url":"https://garmin-mcp-nuqd.onrender.com/mcp","repo_url":"https://github.com/fmp-projects/fitness-ai-connector"},"operational_grade":{"grade":"C","score":66,"provisional":1,"reachable":1,"auth_state":"auth-wellbehaved","latency_ms":499,"tool_count":null,"probed_at":"2026-07-17T01:30:13.977Z","evidence":[{"criterion":"reachability","points":18,"max":25,"evidence":"HTTP 401 in 499ms — auth required; WWW-Authenticate present: \"Bearer resource_metadata=\"https://garmin-mcp-nuqd.onrender.com/.well-known/oauth-protected-resource/mcp\"\""},{"criterion":"protocol","points":0,"max":15,"evidence":"handshake not reachable behind auth — unverified"},{"criterion":"tooling","points":0,"max":0,"evidence":"auth-gated — tooling unverifiable, excluded from score (grade marked provisional)"},{"criterion":"latency","points":10,"max":10,"evidence":"initialize round-trip 499ms"},{"criterion":"provenance","points":15,"max":15,"evidence":"description present; repository linked; version 2.0.0; namespace io.github.fmp-projects matches endpoint/repo"}],"protocol_access":"auth-wellbehaved"},"field_semantics":{"auth_state":"Deprecated name retained for compatibility. It means protocol handshake/discovery access only, not tool-level data entitlement.","protocol_access":"Preferred name for auth_state."},"audit_state":"observations_published","observations":[{"dimension":"security","metric":"authentication_boundary","status":"observed","value_text":"auth-wellbehaved","evidence":"Live protocol probe observed auth_state=auth-wellbehaved. This describes discovery/access behavior; it is not by itself a vulnerability finding.","source_type":"live_probe","sample_size":null,"observed_at":"2026-07-17T01:30:13.977Z","methodology_version":"trust-v1"}],"response_benchmarks":[],"reviewed_field_reports":[],"interpretation":"Dimensions are independent; missing evidence is not a pass; field reports are qualitative, moderated and never votes."}