{"id":"jimprosser-obsidian-web-mcp","name":"obsidian-web-mcp","af_score":58.0,"security_score":65.5,"reliability_score":30.0,"what_it_does":"obsidian-web-mcp is a Python MCP server that exposes an Obsidian vault over HTTPS so remote MCP clients (e.g., Claude web/phone) can read and write Markdown files. It provides tools for reading/writing files, updating YAML frontmatter, searching (body and frontmatter), listing directories, moving/renaming, and soft-deleting to a .trash folder. It claims OAuth 2.0 (authorization code flow with PKCE), bearer-token validation per request, Cloudflare Tunnel-based exposure, path traversal protections, and atomic writes to avoid partial file states that could break Obsidian Sync.","best_when":"You want a persistent MCP endpoint to access a single Obsidian vault remotely with strong operational safety (atomic writes, traversal blocking) and OAuth-based authorization, and you are comfortable running a local service plus Cloudflare Tunnel for exposure.","avoid_when":"You need a zero-ops hosted SaaS (this is a self-hosted server), you cannot safely handle OAuth secrets/tokens, or you require comprehensive audit/log retention guarantees not described in the provided materials.","last_evaluated":"2026-03-30T13:48:37.958465+00:00","has_mcp":true,"has_api":false,"auth_methods":["OAuth 2.0 authorization code flow with PKCE (initial client authentication)","Bearer token validation on every MCP tool call","Optional Cloudflare Access layering (defense in depth) described"],"has_free_tier":false,"known_gotchas":["Write/delete operations are destructive in effect (soft-delete via .trash for delete; move/rename can change paths). Agents should avoid unintended writes and set confirm=true for delete.","Batch limits exist (e.g., batch operations capped at 20 files/request; search capped at 50 matches) which may require chunking large tasks."],"error_quality":0.0}