// SCAN REPORT

Obsidian Mcp Pro

41 tools. 16 can modify or destroy data without limits.

1 destructive tool with no built-in limits. Policy required.

Last updated:

16 can modify or destroy data
25 read-only
41 tools total

Community server · catalogue entry verified 11/06/2026

How to control Obsidian Mcp Pro ↓

TOOL MAP

What Obsidian Mcp Pro exposes to your agents

Read (25) Write / Execute (15) Destructive / Financial (1)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
Critical Risk

The most dangerous Obsidian Mcp Pro tools

Destructive · High delete_note This tool irreversibly removes a note from the user's Obsidian vault. Execute · Medium index_vault Indexing a vault creates or modifies data structures and triggers background processing. Execute · High query_base The description says 'Run a Base file', indicating this tool executes a file (likely a Dataview or similar query base file in Obsidian). Write · Low add_canvas_edge This tool creates a new relationship object (edge) between existing nodes in a canvas.

16 of Obsidian Mcp Pro's 41 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control Obsidian Mcp Pro

PolicyLayer is an MCP gateway — it sits between your AI agents and Obsidian Mcp Pro, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "delete_note": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "append_to_note": {
    "limits": [
      {
        "counter": "append_to_note_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "find_broken_links": {
    "limits": [
      {
        "counter": "find_broken_links_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Obsidian Mcp Pro — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON OBSIDIAN MCP PRO →

Free to start. No card required.

FULL CATALOGUE

All 41 Obsidian Mcp Pro tools

DESTRUCTIVE 1 tools
Destructive delete_note Delete a note. By default the file is moved to the vault
EXECUTE 2 tools
Execute index_vault Build or refresh the embedding index used by Execute query_base Run a Base file
WRITE 13 tools
Write append_to_note Append text to the end of an existing note without altering prior content. By default, inserts a leading newli Write prepend_to_note Insert content at the top of an existing note Write add_canvas_edge Create a directed edge connecting two existing canvas nodes. Both fromNode and toNode must already exist on th Write add_canvas_node Add a new node to an Obsidian canvas and persist the updated file. Supports four node types: Write create_daily_note Create a daily note for today (or a specific date) in the vault Write create_note Create a new markdown note at the given path with body content and optional YAML frontmatter. Fails (does not Write edit_block Replace the content of a block tagged with Write insert_at_section Insert content into a specific section without replacing it. Write move_note Move or rename a note within the vault, preserving its full content. Parent folders at the destination are cre Write rename_tag Rename a tag everywhere it appears across the vault, in both inline tags and frontmatter Write replace_in_note Search-and-replace within a single note. Supports literal strings or regex patterns. With Write update_frontmatter Merge new key-value pairs into a note Write update_section Replace the body of a specific section (everything between a heading and the next heading at any level). The h
READ 25 tools
Read find_broken_links Scan notes for wikilinks ([[target]]) whose target does not resolve to any existing note in the vault. Returns Read find_orphans Identify disconnected notes in the vault Read find_similar_notes Given a note path, return the K most semantically similar notes from the index (excluding the source note). Us Read find_unused_attachments Locate attachments that no note references — neither via Read get_attachment Read an attachment file and return its bytes to the client. Images come back as Read get_backlinks List all notes that contain a wikilink pointing to the target note. Each result includes the source note path, Read get_daily_note Read the daily note for today or for a specific date, resolved via the vault Read get_graph_neighbors Traverse the wikilink graph outward from a starting note and return every note reachable within N hops, groupe Read get_note Read a note in full or as a fragment. With no fragment options, returns parsed frontmatter (as a labeled heade Read get_outlinks List every outgoing wikilink from a note, partitioned into valid links (resolve to an existing note), broken l Read get_recent_notes List notes ordered by most-recently-modified first. Optional Read get_vault_stats Return a quick health snapshot of the vault: note count, total bytes, total words, unique tag count, untagged- Read list_attachments Enumerate every non-markdown file in the vault — images, PDFs, audio/video clips, anything pasted in beyond no Read list_bases Enumerate every Obsidian Bases ( Read list_canvases Enumerate every Obsidian canvas file (.canvas) anywhere in the vault, returning a numbered list of relative pa Read list_notes Enumerate every markdown note in the vault (or a single folder), returning a sorted list of relative paths alo Read list_sections List all headings in a note as a tree of paths (with depth). Useful for discovering valid Read list_tags Enumerate every unique tag used across the vault along with the number of notes each tag appears in. Detects t Read read_base Return the parsed contents of a Base file: filters, properties, view definitions, and any unrecognized fields. Read read_canvas Read an Obsidian canvas file (.canvas, JSON format) and return a bounded human-readable summary of its structu Read search_by_frontmatter Find notes whose YAML frontmatter contains a given property/value pair. Property names and values are matched Read search_by_tag Find all notes tagged with a specific tag, including nested sub-tags (searching Read search_notes Full-text search across all notes in the vault. Ranks literal matches with title/path focus and repeated-line Read search_semantic Search notes by meaning rather than keywords. Embeds the query with the configured provider, scores every chun Read resolve_alias Find every note whose frontmatter
EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Sperax Ecosystem Crypto & DeFI MCP Server 1318 tools
adminautomation
Mcp Afip 1300 tools
adminautomation
Mcp Ap2 1300 tools
adminautomation
BNB Chain MCP 1240 tools
adminautomation
Nodebench 824 tools
adminautomation
Amazon Bedrock Knowledge Base Retrieval MCP Server 805 tools
adminautomation
Amazon Data Processing MCP Server 805 tools
adminautomation
Amazon ECS MCP Server 805 tools
adminautomation
FAQ

Questions about Obsidian Mcp Pro

Can an AI agent delete data through the Obsidian Mcp Pro MCP server? +

Yes. The Obsidian Mcp Pro server exposes 1 destructive tools including delete_note. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Obsidian Mcp Pro? +

The Obsidian Mcp Pro server has 13 write tools including append_to_note, prepend_to_note, add_canvas_edge. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Obsidian Mcp Pro.

How many tools does the Obsidian Mcp Pro MCP server expose? +

41 tools across 4 categories: Destructive, Execute, Read, Write. 25 are read-only. 16 can modify, create, or delete data.

How do I enforce a policy on Obsidian Mcp Pro? +

Register the Obsidian Mcp Pro MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Obsidian Mcp Pro tool call.

Deterministic rules across all 41 Obsidian Mcp Pro tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON OBSIDIAN MCP PRO →

Free to start. No card required.

41 Obsidian Mcp Pro tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.