{"id":"jimprosser-obsidian-web-mcp","name":"obsidian-web-mcp","homepage":null,"repo_url":"https://github.com/jimprosser/obsidian-web-mcp","category":"api-gateway","subcategories":[],"tags":["mcp","obsidian","python","oauth","cloudflaretunnel","http","filesystem","search","security"],"what_it_does":"obsidian-web-mcp is a Python MCP server that exposes an Obsidian vault over HTTPS so remote MCP clients (e.g., Claude web/phone) can read and write Markdown files. It provides tools for reading/writing files, updating YAML frontmatter, searching (body and frontmatter), listing directories, moving/renaming, and soft-deleting to a .trash folder. It claims OAuth 2.0 (authorization code flow with PKCE), bearer-token validation per request, Cloudflare Tunnel-based exposure, path traversal protections, and atomic writes to avoid partial file states that could break Obsidian Sync.","use_cases":["Remote editing and content updates to an Obsidian vault from LLM clients outside the local machine","Searching an Obsidian vault by full text or YAML frontmatter fields via MCP","Automation workflows that update Obsidian notes/frontmatter programmatically with safety limits","Enabling Claude web/mobile integrations to access a local Obsidian vault over a tunneled HTTPS service"],"not_for":["Use cases requiring high-scale multi-tenant access (it appears designed for a single user/vault directory)","Situations where you cannot deploy or manage a Cloudflare Tunnel (remote access path described depends on it)","Use as a general-purpose public file server for arbitrary directories (it is scoped to a configured vault root)"],"best_when":"You want a persistent MCP endpoint to access a single Obsidian vault remotely with strong operational safety (atomic writes, traversal blocking) and OAuth-based authorization, and you are comfortable running a local service plus Cloudflare Tunnel for exposure.","avoid_when":"You need a zero-ops hosted SaaS (this is a self-hosted server), you cannot safely 
handle OAuth secrets/tokens, or you require comprehensive audit/log retention guarantees not described in the provided materials.","alternatives":["Local stdio Obsidian MCP servers (works only when the client runs on the same machine)","Running an MCP-capable reverse proxy in front of a local MCP server (requires additional security work)","Other Obsidian MCP servers that support network access via HTTPS with authentication","Direct filesystem/API integrations that update notes without MCP (e.g., custom scripts or plugins)"],"af_score":58.0,"security_score":65.5,"reliability_score":30.0,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T13:48:37.958465+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["OAuth 2.0 authorization code flow with PKCE (initial client authentication)","Bearer token validation on every MCP tool call","Optional Cloudflare Access layering (defense in depth) described"],"oauth":true,"scopes":false,"notes":"Materials describe OAuth-based integration plus per-request bearer token validation, but do not mention fine-grained MCP tool scopes/permissions. 
A separate VAULT_MCP_TOKEN bearer token is also configured as an environment variable."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Self-hosted (MIT) with dependencies like cloudflared; any costs would be infrastructure/tunnel related, not subscription pricing."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":58.0,"security_score":65.5,"reliability_score":30.0,"mcp_server_quality":78.0,"documentation_accuracy":70.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":55.0,"rate_limit_clarity":35.0,"tls_enforcement":90.0,"auth_strength":85.0,"scope_granularity":30.0,"dependency_hygiene":55.0,"secret_handling":60.0,"security_notes":"The materials claim HTTPS via MCP over Streamable HTTP and Cloudflare Tunnel exposure (outbound-only), OAuth 2.0 with PKCE for client auth, and bearer-token validation per request. It also claims robust path traversal protections (reject escape via .., symlinks, null bytes, dotfiles like .obsidian/.git/.trash) and atomic writes via temp+rename to prevent partial-file corruption. Safety limits are described (write size cap, batch size cap, search max). 
However, details are marketing-level/README-level: no explicit coverage of token storage practices, logging/redaction behavior, rate-limit headers, CSRF/auth endpoint hardening, or dependency vulnerability posture is provided.","uptime_documented":10.0,"version_stability":35.0,"breaking_changes_history":30.0,"error_recovery":45.0,"idempotency_support":"false","idempotency_notes":"The README describes safety limits and atomic writes, but does not explicitly document idempotency semantics for write/move/delete tools.","pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Write/delete operations are destructive in effect (soft-delete via .trash for delete; move/rename can change paths). Agents should avoid unintended writes and set confirm=true for delete.","Batch limits exist (e.g., batch operations capped at 20 files/request; search capped at 50 matches) which may require chunking large tasks."]}}