mcp-obsidian
Verified Safeby halbares
Overview
Enables AI agents to directly interact (read, search, write) with an Obsidian knowledge vault.
Installation
uv --directory /path/to/mcp-obsidian run src/server.pyEnvironment Variables
- OBSIDIAN_VAULT_PATH
Security Notes
The `_safe_path` method is implemented to prevent directory traversal attacks by resolving paths and ensuring they remain within the vault. `subprocess` is used to execute `ripgrep` for search functionality; this is a controlled call to an external, well-defined CLI tool, with `--json` output for safer parsing and arguments passed directly (not via shell), mitigating injection risks. No `eval`, hardcoded sensitive secrets, or obvious network risks beyond local file system access are present. A hardcoded fallback path for `OBSIDIAN_VAULT_PATH` is present in `server.py`, but it's a configuration detail, not a security flaw.
Similar Servers
mcp-obsidian
Provides a secure, universal AI bridge for Obsidian vaults, enabling MCP-compatible AI assistants to read, write, and manage notes.
obsidian-mcp-plugin
This plugin connects your Obsidian vault to AI assistants through MCP (Model Context Protocol), enabling them to understand and navigate your notes as a connected knowledge graph.
mcp-obsidian
Enables LLMs (like Claude) to programmatically interact with an Obsidian vault through the Local REST API plugin.
obsidian-mcp-server
Provides an OpenAI-compatible local Model Context Protocol (MCP) server within Obsidian, enabling external AI assistants and tools to semantically search the vault and perform file system operations.