Security: ldraney/obsidian-mcp

SECURITY.md

Security

Obsidian MCP is designed with minimal access in mind. Here's what it does and doesn't access.

What This MCP Accesses

| Resource | Purpose |
|----------|---------|
| obsidian.json | To discover vault locations on your machine |
| Your vault's .md files | To read, write, and search notes |
| obsidian:// URI scheme | To open notes in the Obsidian app |

What It Does NOT Access

  • No network calls — Nothing leaves your machine. Zero outbound connections.
  • No files outside your vaults — Only reads/writes within discovered vault paths.
  • No system credentials — Never touches passwords, tokens, API keys, or keychains.
  • No browser data — No cookies, history, or saved passwords.
  • No telemetry — No analytics, no tracking, no phone-home.

Verify Yourself

All code is open source. You can audit it:

  1. Main server code: src/obsidian_mcp/server.py
  2. No network imports — Search the codebase: no requests, httpx, urllib.request, or aiohttp
  3. Dependencies — Only uses: mcp (protocol), pathlib (files), json (config), subprocess (URIs)

```bash
# Quick audit: check for network libraries
grep -r "import requests\|import httpx\|import urllib.request\|import aiohttp" src/
# Should return nothing
```
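
The grep above only matches the literal text `import <module>`, so it misses forms such as `from urllib import request`. As an added example (not code from this repository), the following walks the Python AST instead; the module list, the sample source and the function names are assumptions made for the example.

```python
import ast
import sys
from pathlib import Path

# Assumption: this module list is chosen for the example; extend it for your audit.
NETWORK_MODULES = {"requests", "httpx", "aiohttp", "urllib.request", "urllib3",
                   "http.client", "socket", "ftplib", "smtplib", "websockets"}

# Constructed sample (not from the repository); includes import forms the grep misses.
SAMPLE = '''\
import json
import subprocess
from urllib import request
from urllib.request import urlopen
import aiohttp as _a
def f():
    import http.client
'''

def _is_network(name):
    return any(name == m or name.startswith(m + ".") for m in NETWORK_MODULES)

def network_imports(source, filename="<string>"):
    """Return sorted (line, module) pairs for imports of network-capable modules."""
    hits = set()
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom) and node.level == 0 and node.module:
            # "from urllib import request" must be read as urllib.request
            names = ([node.module] if _is_network(node.module)
                     else [f"{node.module}.{a.name}" for a in node.names])
        else:
            continue
        hits.update((node.lineno, n) for n in names if _is_network(n))
    return sorted(hits)

def audit_tree(root):
    """Map each .py file under root to its network imports; empty dict means clean."""
    findings = {}
    for path in sorted(Path(root).rglob("*.py")):
        found = network_imports(path.read_text(encoding="utf-8"), str(path))
        if found:
            findings[str(path)] = found
    return findings

if __name__ == "__main__":
    for file, hits in audit_tree(sys.argv[1] if len(sys.argv) > 1 else "src").items():
        print(file, hits)
```

A static import check does not cover modules loaded through `importlib` or `__import__`, or programs launched through `subprocess`, so review those call sites by hand.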

Reporting Security Issues

If you discover a security vulnerability, please:

  1. Do NOT open a public issue
  2. Email the maintainer directly (see GitHub profile)
  3. Allow time for a fix before public disclosure

FAQ

Q: Can Claude access files outside my vault?
A: No. The MCP only reads files within paths listed in Obsidian's obsidian.json.

Q: Does this send my notes anywhere?
A: No. All processing happens locally between Claude Desktop and your filesystem.

Q: What about the subprocess usage?
A: Used only to open obsidian:// URIs via your system's default handler (same as clicking a link).
