obsidian-mcp-server
Provides an MCP server that exposes Obsidian vault operations (read/update/search/list/delete notes; manage YAML frontmatter and tags) by bridging to the Obsidian Local REST API plugin over HTTP, with optional HTTP transport for the MCP server itself.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
TLS to the Obsidian Local REST API can be configured, but README explicitly suggests setting OBSIDIAN_VERIFY_SSL=false due to a self-signed cert default—reducing transport security if misconfigured. Authentication options for the MCP server include JWT and OAuth 2.1; however, the excerpt does not describe fine-grained scopes/authorization boundaries per tool. Secrets are handled via env vars and claims of sensitive data redaction/logging; actual implementation details and dependency vulnerability status are not verifiable from the provided text.
⚡ Reliability
Best When
Used locally or within a trusted network where the Obsidian Local REST API plugin is already configured with an API key, and MCP clients authenticate appropriately.
Avoid When
Avoid connecting over HTTP with SSL verification disabled, or exposing the MCP/bridge endpoints to untrusted networks/users.
Use Cases
- • Integrate Obsidian knowledge bases into AI agents via MCP tooling
- • Automate vault workflows (batch updates, tag/frontmatter management)
- • Enable RAG-style retrieval by searching and reading notes
- • Programmatically refactor note content using search/replace
- • Maintain vault hygiene by listing structures and deleting notes
Not For
- • Running as a general-purpose remote file system without access controls
- • Public internet exposure to untrusted clients (because it can mutate and delete vault content)
- • High-security environments where disabling SSL verification is unacceptable
Interface
Authentication
MCP authentication modes are described (jwt or oauth). The bridge to Obsidian Local REST API relies on an API key configured in the Obsidian plugin settings. The README does not document fine-grained tool/operation scopes for MCP auth.
Pricing
Open-source package; no usage-based pricing described.
Agent Metadata
Known Gotchas
- ⚠ Regex/search tools may be sensitive to escaping and performance; no guardrails are described in the excerpt.
- ⚠ File-path targeting uses case-insensitive fallback; agents should still provide canonical paths to avoid ambiguity.
- ⚠ Mutation tools (update/delete) lack described idempotent semantics; retries may cause unintended repeated changes.
- ⚠ Vault cache fallback exists; agents should consider cache refresh timing for read-after-write consistency.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for obsidian-mcp-server.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-30.