mcp-obsidian-universal
by breannasalah
Overview
This server allows AI models to interact with an Obsidian vault, providing tools for reading, writing, searching, and managing notes.
Installation
npm startEnvironment Variables
- OBSIDIAN_VAULT_PATH
- PORT
- HOST
- LOG_LEVEL
Security Notes
CRITICAL SECURITY CONCERNS: The `search_notes` function directly constructs a regular expression from user-provided input (`query`), leading to a severe Regular Expression Denial of Service (ReDoS) vulnerability. A malicious or malformed regex query could freeze the server indefinitely. Furthermore, there is no authentication layer, meaning any local process can access and fully control your Obsidian vault (read, write, delete notes and folders) via the server. While it defaults to `localhost`, this still exposes the entire vault to local applications without any security checks. The `keytar` dependency is present but unused in the provided code, offering no current security benefit.
Similar Servers
mcp-obsidian
Provides a secure, universal AI bridge for Obsidian vaults, enabling MCP-compatible AI assistants to read, write, and manage notes.
mcp-obsidian
Enables LLMs (like Claude) to programmatically interact with an Obsidian vault through the Local REST API plugin.
obsidian-mcp-server
Provides an OpenAI-compatible local Model Context Protocol (MCP) server within Obsidian, enabling external AI assistants and tools to semantically search the vault and perform file system operations.
obsidian-mcp-server
Enables AI assistants to interact with and manage an Obsidian markdown vault via the Model Context Protocol (MCP).