obsidian-http-mcp
Verified Safeby NasAndNora
Overview
Facilitates AI agents, such as Claude Code, to manage Obsidian notes by providing an HTTP-native Model Context Protocol (MCP) server, bypassing stdio transport bugs.
Installation
obsidian-http-mcpEnvironment Variables
- OBSIDIAN_API_KEY
- OBSIDIAN_BASE_URL
- PORT
Security Notes
The server implements path traversal prevention, ReDoS protection (query length limit), PORT validation, type safety, and a request size limit. Soft delete is enabled by default, moving files to a trash directory. Crucially, the documentation explicitly states the server is designed for trusted networks (localhost, LAN, VPN) and does NOT include built-in authentication, rate limiting, or HTTPS. It binds to `0.0.0.0` for cross-platform compatibility, which requires a reverse proxy with authentication, rate limiting, and TLS for production or internet exposure. The strong emphasis on user responsibility for external security measures is a positive, but the lack of built-in measures limits its standalone security score.
Similar Servers
mcp-obsidian
Provides a secure, universal AI bridge for Obsidian vaults, enabling MCP-compatible AI assistants to read, write, and manage notes.
obsidian-mcp-plugin
This plugin connects your Obsidian vault to AI assistants through MCP (Model Context Protocol), enabling them to understand and navigate your notes as a connected knowledge graph.
mcp-obsidian
Enables LLMs (like Claude) to programmatically interact with an Obsidian vault through the Local REST API plugin.
obsidian-mcp-server
Provides an OpenAI-compatible local Model Context Protocol (MCP) server within Obsidian, enabling external AI assistants and tools to semantically search the vault and perform file system operations.