Registry/Obsidian MCP Server

Obsidian MCP Server

v1.0.0
Verified

Model Context Protocol server for Obsidian Vaults

By CommunityMIT
typescript
file system
1.9Kstars
45.0Kdownloads
256forks
Scanned Jul 13, 2026
WebsiteNPM
A85%
Scanned 6d ago

Very Good Security

Vulnerabilities Found
0Crit
1High
0Med
0Low
0Info

Security ScoreA

85
out of 100

Vulnerabilities Found

0
Crit
1
High
0
Medi
0
Low
0
Info
Last scanned: 7/13/2026

Quality ScoreB

74
out of 100
54
Maint.
87
Popular
89
Docs
73
Compat
Maintenance54%
Popularity87%
Documentation89%
Compatibility73%

Maintenance54

Unknown
Commit Frequency45%
Release Frequency70%
Issue Response45%

Popularity87

1.9K
Stars
45.0K
Downloads
256
Forks
Stars Score92%
Downloads Score84%
Forks Score84%

Documentation89

README Quality85%

Available Documentation

API DocsExamplesChangelog

Compatibility73

MCP Spec Compliance80%
Transport Support50%

Features

TypeScript

Supported Transports

STDIO

Agentic MCP Risk Intelligence

MCPSafe checks risks unique to AI-connected MCP servers — prompt surfaces, model-controlled tools, credentials, filesystems, and network reachability.

0
agentic findings
No advanced MCP issues detected

The current scan did not find prompt-injection, agent command, exfiltration, unbounded filesystem, or MCP SSRF patterns.

Prompt Injection Surface
0

Tool metadata can steer or hijack AI clients before a user invokes the tool.

AI → Command Execution
0

Model-selected tool arguments can reach shell/process execution.

Secret Exfiltration Path
0

Tool context combines credential access with outbound network capability.

Unbounded Filesystem
0

AI-controlled paths may access files outside the intended workspace.

Agent SSRF
0

AI-controlled URLs may reach local, metadata, or internal network services.

Vulnerabilities(1)

1High
Filter:

READMEObsidian MCP Server

MCP Obsidian

⚠️ PATH TRAVERSAL VULNERABILITY ⚠️

Issue

File read operations do not properly sanitize paths, allowing access to files outside the Obsidian vault.

Impact

An attacker could prompt the AI to read:

  • SSH keys (~/.ssh/id_rsa)
  • Environment files (.env)
  • Browser credentials
  • System configuration

CVSS: 7.5 (High)

Status

Patch available in v0.2.1, upgrade immediately.

Embed Security Badge

Add this badge to your README or documentation

Obsidian MCP Server MCPSafe Security
[![Obsidian MCP Server MCPSafe Security](https://api.mcpsafe.org
/api/badge/mcp-obsidian-vuln.svg)](https://mcpsafe.org/registry/mcp-obsidian-vuln)
Need more customization options?Badge Documentation

Server Information

Source
NPM
Package
mcp-obsidian
Version
1.0.0
Language
typescript
License
MIT
Transport
STDIO
Added
Jan 20, 2026
Updated
Jul 13, 2026