How do I install io.github.dewtech-technologies/obsidian-mcp-secure?

io.github.dewtech-technologies/obsidian-mcp-secure can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with io.github.dewtech-technologies/obsidian-mcp-secure?

io.github.dewtech-technologies/obsidian-mcp-secure is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.

Is io.github.dewtech-technologies/obsidian-mcp-secure actively maintained?

io.github.dewtech-technologies/obsidian-mcp-secure is actively maintained — last commit was 2 days ago.

io.github.dewtech-technologies/obsidian-mcp-secure

Secure MCP server for Obsidian with OWASP Top 10 controls and full audit logging.

0 tools GitHub

No known CVEs

No license

Actively maintained

Last commit 2d ago

Untested

Transport: stdio

0 tools

Grade F

Productivity Legal

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Untested on Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "io-github-dewtech-technologies-obsidian-mcp-secure": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-dewtech-technologies-obsidian-mcp-secure)](https://mcppedia.org/s/io-github-dewtech-technologies-obsidian-mcp-secure)

Read me

What io.github.dewtech-technologies/obsidian-mcp-secure does

Secure MCP server for Obsidian with OWASP Top 10 controls and full audit logging.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

21/100across 5 weighted dimensions

How we score →

0255075100

−79

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.dewtech-technologies/obsidian-mcp-secure safe to use?: io.github.dewtech-technologies/obsidian-mcp-secure has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.dewtech-technologies/obsidian-mcp-secure?: io.github.dewtech-technologies/obsidian-mcp-secure can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with io.github.dewtech-technologies/obsidian-mcp-secure?: io.github.dewtech-technologies/obsidian-mcp-secure is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.
Is io.github.dewtech-technologies/obsidian-mcp-secure actively maintained?: io.github.dewtech-technologies/obsidian-mcp-secure is actively maintained — last commit was 2 days ago.

Similar servers

Others in productivity / legal

View all →

XcodeBuildMCP97

XcodeBuildMCP provides tools for Xcode project management, simulator management, and app utilities.

5.3k 1

Qmd95

mini cli search engine for your docs, knowledge bases, meeting notes, whatever. Tracking current sota approaches while being all local

23.3k 4

Scrumboy95

a self-hosted project management & Kanban solution + Instant shareable boards

207 1

Google Drive Mcp91

A Model Context Protocol (MCP) server that provides secure integration with Google Drive, Docs, Sheets, Slides and Calendar. It allows Claude Desktop and other MCP clients to manage files in Google Drive through a standardized interface.

135 16

MCP Security Weekly

Get CVE alerts and security updates for io.github.dewtech-technologies/obsidian-mcp-secure and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Productivity Legal

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Untested on Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "io-github-dewtech-technologies-obsidian-mcp-secure": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-dewtech-technologies-obsidian-mcp-secure)](https://mcppedia.org/s/io-github-dewtech-technologies-obsidian-mcp-secure)

Read me

What io.github.dewtech-technologies/obsidian-mcp-secure does

Secure MCP server for Obsidian with OWASP Top 10 controls and full audit logging.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

obsidian-mcp-secure

Secure Model Context Protocol server that turns your Obsidian vault into a reliable data source for any MCP-compatible AI client — built from scratch with OWASP Top 10 controls and full audit logging.

Listed on the official Anthropic MCP Registry as io.github.dewtech-technologies/obsidian-mcp-secure.

🧭 Positioning — this is NOT a plugin for Obsidian

It's the opposite: it's a bridge that lets Claude Desktop (or any MCP client) read and write inside Obsidian safely. Your AI assistant stays where it lives; your vault becomes a structured, auditable datasource it can reach.

┌─────────────────┐   MCP    ┌──────────────────────┐   HTTP   ┌────────────────────┐   FS   ┌─────────────┐
│                 │  stdio   │                      │  :27123  │                    │        │             │
│ Claude Desktop  │ ───────▶ │ obsidian-mcp-secure  │ ───────▶ │  Local REST API    │ ─────▶ │  Vault .md  │
│  (AI client)    │          │  (this package)      │          │ (Obsidian plugin)  │        │             │
└─────────────────┘          └──────────────────────┘          └────────────────────┘        └─────────────┘

Role in the pipeline	Component
Where you talk	Claude Desktop (or any MCP client)
Bridge / access control	`obsidian-mcp-secure` (this package)
Data gateway inside Obsidian	Local REST API plugin (by Adam Coddington)
Your knowledge	`.md` files in your vault

One-liner: Claude is the brain, this MCP is the arm, Obsidian is the memory.

Why another Obsidian + AI integration?

There are plugins that put Claude inside Obsidian. This is the inverse, and it exists because:

Your assistant is Claude Desktop — that's where the general-purpose conversations happen. Your notes become one of many contexts Claude can reach, alongside web, GitHub, filesystems, etc.
Security is a first-class concern — deliberate attack surface, no shell access, path traversal blocked, inputs validated with Zod, every call audited.
Zero build, zero account — npx obsidian-mcp-secure and done. Works on Windows, macOS, Linux the same way.
Composability — combine this MCP with fetch, filesystem, git, GitHub, etc., and Claude can cross-reference your vault with external sources in a single conversation.

🛠️ Available Tools

Tool	Purpose
`read_note`	Read a note by path
`list_notes`	List files/folders in the vault or a subdirectory
`create_note`	Create a new `.md` note
`edit_note`	Overwrite an existing note (previous content goes to the audit log)
`delete_note`	Delete a note — requires `confirm: true` (Zod rejects otherwise)
`search_notes`	Full-text / tag search using Obsidian's own search engine

🔒 Security — OWASP Top 10

Control	Implementation
A01 — Broken Access Control	Path traversal blocked (`../`, `..\\`, encoded variants); `.md` extension enforced
A02 — Cryptographic Failures	API key read from `.env` or process env; never hardcoded, never logged
A03 — Injection	All inputs validated with Zod schemas; no `eval`, no `exec`, no shell
A04 — Insecure Design	512 KB max note size; 50-result cap on search; destructive ops require explicit `confirm: true`
A05 — Security Misconfigura

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

21/100across 5 weighted dimensions

How we score →

0255075100

−79

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.dewtech-technologies/obsidian-mcp-secure safe to use?: io.github.dewtech-technologies/obsidian-mcp-secure has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.dewtech-technologies/obsidian-mcp-secure?: io.github.dewtech-technologies/obsidian-mcp-secure can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with io.github.dewtech-technologies/obsidian-mcp-secure?: io.github.dewtech-technologies/obsidian-mcp-secure is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.
Is io.github.dewtech-technologies/obsidian-mcp-secure actively maintained?: io.github.dewtech-technologies/obsidian-mcp-secure is actively maintained — last commit was 2 days ago.