Summary
Connects Claude Desktop to your Obsidian vault through the Local REST API plugin, exposing nine tools for reading, writing, searching, and managing markdown notes. Security is the headliner here: path traversal blocks, Zod validation on every input, 512 KB file caps, explicit confirmation required for deletes, and full audit logging via winston. Works via stdio, runs with npx, and pairs well with the fetch MCP if you want Claude to cross-reference your notes against live web sources in a single conversation. The architecture is deliberate: Claude stays in Desktop, this server acts as the gate, Obsidian becomes a structured datasource instead of the UI where the AI lives.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
obsidian-mcp-secure
Secure Model Context Protocol server that turns your Obsidian vault into a reliable data source for any MCP-compatible AI client — built from scratch with OWASP Top 10 controls and full audit logging.
Listed on the official Anthropic MCP Registry as io.github.dewtech-technologies/obsidian-mcp-secure.
🧭 Positioning — this is NOT a plugin for Obsidian
It's the opposite: it's a bridge that lets Claude Desktop (or any MCP client) read and write inside Obsidian safely. Your AI assistant stays where it lives; your vault becomes a structured, auditable datasource it can reach.
┌─────────────────┐ MCP ┌──────────────────────┐ HTTP ┌────────────────────┐ FS ┌─────────────┐
│ │ stdio │ │ :27123 │ │ │ │
│ Claude Desktop │ ───────▶ │ obsidian-mcp-secure │ ───────▶ │ Local REST API │ ─────▶ │ Vault .md │
│ (AI client) │ │ (this package) │ │ (Obsidian plugin) │ │ │
└─────────────────┘ └──────────────────────┘ └────────────────────┘ └─────────────┘
| Role in the pipeline | Component |
|---|---|
| Where you talk | Claude Desktop (or any MCP client) |
| Bridge / access control | obsidian-mcp-secure (this package) |
| Data gateway inside Obsidian | Local REST API plugin (by Adam Coddington) |
| Your knowledge | .md files in your vault |
One-liner: Claude is the brain, this MCP is the arm, Obsidian is the memory.
Why another Obsidian + AI integration?
There are plugins that put Claude inside Obsidian. This is the inverse, and it exists because:
- Your assistant is Claude Desktop — that's where the general-purpose conversations happen. Your notes become one of many contexts Claude can reach, alongside web, GitHub, filesystems, etc.
- Security is a first-class concern — deliberate attack surface, no shell access, path traversal blocked, inputs validated with Zod, every call audited.
- Zero build, zero account —
npx obsidian-mcp-secureand done. Works on Windows, macOS, Linux the same way. - Composability — combine this MCP with fetch, filesystem, git, GitHub, etc., and Claude can cross-reference your vault with external sources in a single conversation.
🛠️ Available Tools
| Tool | Purpose |
|---|---|
read_note | Read a note by path |
list_notes | List files/folders in the vault or a subdirectory |
create_note | Create a new .md note |
edit_note | Overwrite an existing note (previous content goes to the audit log) |
delete_note | Delete a note — requires confirm: true (Zod rejects otherwise) |
search_notes | Full-text / tag search using Obsidian's own search engine |
find_note_by_name | Find notes by partial name — case-insensitive, no exact path needed |
list_tags | Enumerate all tags in the vault with usage count; sortable by name or frequency |
create_backlinks | Add [[wikilinks]] to a ## Relacionadas section in a note — explicit and auditable |
🔒 Security — OWASP Top 10
| Control | Implementation |
|---|---|
| A01 — Broken Access Control | Path traversal blocked (../, ..\\, encoded variants); .md extension enforced |
| A02 — Cryptographic Failures | API key read from .env or process env; never hardcoded, never logged |
| A03 — Injection | All inputs validated with Zod schemas; no eval, no exec, no shell |
| A04 — Insecure Design | 512 KB max note size; 50-result cap on search; destructive ops require explicit confirm: true |
| A05 — Security Misconfiguration | Only 127.0.0.1 / localhost accepted as host |
| A09 — Logging & Monitoring | Full audit log via winston with size-based rotation (5 MB / 10 files) |
Every tool call emits an audit line with action, params (sanitized), success, error, and timestamp.
⚡ Installation
Prerequisites
- Obsidian Desktop with a vault open
- The Local REST API plugin (by Adam Coddington) — install from Community Plugins, enable it, and:
- Turn on "Enable Non-encrypted (HTTP) Server" (simpler than HTTPS self-signed certs)
- Copy the API Key shown in the plugin settings
- Node.js 18+
- Claude Desktop (or another MCP-compatible client)
Configure Claude Desktop
Open %APPDATA%\Claude\claude_desktop_config.json on Windows (or ~/Library/Application Support/Claude/claude_desktop_config.json on macOS) and add:
{
"mcpServers": {
"obsidian-secure": {
"command": "npx",
"args": ["-y", "obsidian-mcp-secure"],
"env": {
"OBSIDIAN_API_KEY": "your-api-key-from-the-plugin",
"OBSIDIAN_HOST": "http://127.0.0.1",
"OBSIDIAN_PORT": "27123",
"LOG_DIR": "C:/path/to/your/logs"
}
}
}
}
Windows tip: if
npxfails silently, switch"command": "npx"to"command": "npx.cmd". Some Claude Desktop builds don't resolve barenpxon PATH.
Restart Claude Desktop (tray → Quit, then reopen) and the 9 tools will show up under obsidian-secure.
🤝 Recommended companions
The real power of MCPs is composability. To reproduce the "read my note → fetch a URL → tell me if I'm applying it correctly" workflow, add the official fetch MCP alongside this one:
{
"mcpServers": {
"obsidian-secure": { "...": "as above" },
"fetch": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-fetch"]
}
}
}
Now Claude has both your vault and the live web in a single conversation.
💬 Example prompts
With obsidian-secure + fetch enabled:
"Read my note
Projeto API Atendimento.md, then fetch https://developers.facebook.com/docs/whatsapp and tell me if my implementation matches the latest best practices."
"Search my vault for the tag
#ideiaand summarize the three ideas that appear most often. Then create a new note calledIdeias recorrentes.mdwith the summary."
"Read
Atomic Habits - Resumo.md, fetch https://jamesclear.com/atomic-habits, and point out where my notes drifted from the original."
Claude will orchestrate the tool calls automatically — no manual chaining.
🧩 Comparison with in-Obsidian plugins
If your workflow lives inside Obsidian's sidebar, plugins like obsidian-claude-code are the right fit. This MCP targets a different shape:
| Dimension | obsidian-claude-code (in-Obsidian) | obsidian-mcp-secure (this) |
|---|---|---|
| Where the AI lives | Sidebar inside Obsidian | Claude Desktop (or any MCP client) |
| Setup | git clone + bun build | npx obsidian-mcp-secure |
| Tools | Read/Write/Edit + Bash + Grep + Glob + WebFetch | 9 purpose-built, Zod-validated tools |
| Security posture | Full shell access to dev machine | Tight allowlist, audited, OWASP Top 10 |
| Distribution | Manual clone, requires Bun | npm + official MCP Registry |
| Composability with other sources | Inside its own sandbox | Any MCP-compatible client can mix it with fetch, GitHub, filesystem, etc. |
| Best for | Dev who lives in Obsidian | Professional whose main surface is Claude Desktop |
Both are valid — they occupy different niches.
🔧 Environment variables
| Variable | Required | Default | Description |
|---|---|---|---|
OBSIDIAN_API_KEY | ✅ | — | API key from the Local REST API plugin |
OBSIDIAN_HOST | http://127.0.0.1 | Host (only 127.0.0.1 and localhost are accepted) | |
OBSIDIAN_PORT | 27123 | Port of the plugin's HTTP server | |
LOG_DIR | ./logs | Directory for the audit log files |
🗺️ Roadmap
✅ Shipped in v1.2.1
- Bug fix:
find_note_by_namesearches full path (folder + filename) - Bug fix:
list_tagsnormalizes all API response formats (object, array of strings, array of objects withtagCount/taggedFilesCount)
✅ Shipped in v1.2.0
- DXT package for one-click install in Claude Desktop (
npm run build:dxt)
✅ Shipped in v1.1.0
-
find_note_by_name— partial, case-insensitive name match across the entire vault -
create_backlinks— connect related notes with[[wikilinks]](explicit, auditable) -
list_tags— enumerate all tags in the vault with usage count - Unit test suite (70 tests — utils, handlers, HTTP client) with Vitest
- CI pipeline on every PR: tests + coverage +
npm audit+ static security analysis
🔜 Up next
- Smithery listing
- Read-only mode flag for shared / multi-user setups
Ideas and PRs welcome — see CONTRIBUTING.md.
📜 License
MIT — see LICENSE.
🙏 Credits
- Model Context Protocol by Anthropic
- Local REST API plugin by Adam Coddington — the foundation that makes this possible
- Built at Dewtech by Wanderson Leandro
Security issues? See SECURITY.md for disclosure instructions.
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →Configuration
OBSIDIAN_API_KEY*secretAPI Key generated by Obsidian's Local REST API plugin (Settings -> Local REST API -> API Key)
OBSIDIAN_HOSTdefault: http://127.0.0.1Host of the Local REST API (default: http://127.0.0.1)
OBSIDIAN_PORTdefault: 27123Port of the Local REST API (default: 27123)
LOG_DIRdefault: ./logsDirectory for audit logs (default: ./logs)
Registryactive
Packageobsidian-mcp-secure
TransportSTDIO
AuthRequired
UpdatedApr 24, 2026
