openotes
Verified Safeby opencore-x
Overview
Connects AI agents to a markdown knowledge base, typically an Obsidian vault, enabling CRUD operations, search, and organization.
Installation
npm startEnvironment Variables
- PORT
- VAULT_PATH
- MAX_SEARCH_RESULTS
Security Notes
The server implements robust path validation in `src/core/paths.ts` to prevent common file system vulnerabilities such as path traversal (e.g., `..`), absolute path usage, null byte injection, and symlink escapes. All file operations are performed on paths that have been rigorously validated to ensure they remain within the defined vault root directory. Sensitive configurations like `VAULT_PATH` are loaded from environment variables (`.env`), avoiding hardcoded secrets. The `delete` tool requires explicit `confirm: true` argument, adding an essential safety confirmation step. Remote access is explicitly recommended via Cloudflare Tunnel and Cloudflare Access, providing a secure, authenticated layer that prevents direct exposure of the server to the public internet.
Similar Servers
mcp-obsidian
Provides a secure, universal AI bridge for Obsidian vaults, enabling MCP-compatible AI assistants to read, write, and manage notes.
obsidian-mcp-plugin
Gives AI semantic agency over an Obsidian knowledge graph, enabling AI assistants to understand and navigate notes as a connected knowledge graph through the Model Context Protocol (MCP).
scraps
The Scraps MCP server provides a Model Context Protocol interface for AI assistants to query a knowledge base of interconnected Markdown documentation, enabling intelligent search, tag listing, and link/backlink lookup functionalities.
AI-Prompt-Guide-MCP
Orchestrates AI agents for project management and development workflows by linking structured markdown specifications and tasks.