Observer Plugin — Obsidian Plugin Observer

See what your plugins are really doing. Plugin Observer monitors the security posture of every Obsidian plugin you have installed — without ever touching your vault, your notes, or your personal data.

Open source. Zero runtime dependencies. The plugin is publicly auditable — it's an open-source Obsidian plugin and the source is on GitHub.

What We Collect

The plugin sends exactly one type of request to plugin.observer — a list of your installed plugins and their versions. Nothing more.

POST /api/scan

{
  "plugins": [
    { "id": "dataview", "version": "0.5.67" },
    { "id": "obsidian-git", "version": "2.25.1" }
  ]
}

That's the entire payload. Plugin ID and version — both already public in the Obsidian community registry.

What We Don't Collect

Vault content or note text

IP addresses or device info

Usage analytics or telemetry

Personal identifiers or accounts

Plugin source code

File paths or filenames

The server receives only plugin IDs and versions — data already public in the Obsidian community registry. No vault content, personal data, or device information is ever transmitted by the plugin.

Features

Security Monitoring

Automatically scans your installed plugins against plugin.observer's analysis database. Scores are checked every time your plugin list changes.

Status Bar Alerts

A persistent status bar indicator shows how many plugins need attention. Click it for a detailed modal with scores, findings, and reasons for each flagged plugin.

Pre-Update Warnings

Before you update a flagged plugin, Observer intercepts the update and shows you what changed — new network destinations, score drops, or behavioral alerts. You decide whether to proceed.

Installation

The Observer plugin is currently being submitted to the Obsidian community plugin directory. In the meantime, you can install it using BRAT (Beta Reviewers Auto-update Tester):

Install BRAT from the Community Plugins browser if you don't have it

Open Settings → BRAT → Add Beta Plugin

Paste plugin-observer/plugin and click Add Plugin

Enable "Plugin Observer" in Settings → Community Plugins

For manual installation, download the latest release from the GitHub releases page and copy main.js, manifest.json, and styles.css to your vault's .obsidian/plugins/observer/ directory.

Configuration

Open Settings → Plugin Observer to configure the plugin. All settings are optional — the defaults work well for most users.

Alert Threshold

Score (0–100) below which a plugin triggers an alert. Default: 50

Pre-Update Warnings

Show a confirmation dialog before updating a flagged plugin. Default: On

Notification Style

Choose between Obsidian notice popups or status bar only. The status bar indicator is always visible regardless of this setting. Default: Notice

Ignored Plugins

Per-plugin toggles to suppress alerts for plugins you trust. Ignored plugins are still scanned but won't trigger notifications. Default: None

What We Collect

The plugin sends exactly one type of request to plugin.observer — a list of your installed plugins and their versions. Nothing more.

POST /api/scan

{
  "plugins": [
    { "id": "dataview", "version": "0.5.67" },
    { "id": "obsidian-git", "version": "2.25.1" }
  ]
}

That's the entire payload. Plugin ID and version — both already public in the Obsidian community registry.

What We Don't Collect

Vault content or note text

IP addresses or device info

Usage analytics or telemetry

Personal identifiers or accounts

Plugin source code

File paths or filenames

The server receives only plugin IDs and versions — data already public in the Obsidian community registry. No vault content, personal data, or device information is ever transmitted by the plugin.

Features

Security Monitoring

Automatically scans your installed plugins against plugin.observer's analysis database. Scores are checked every time your plugin list changes.

Status Bar Alerts

A persistent status bar indicator shows how many plugins need attention. Click it for a detailed modal with scores, findings, and reasons for each flagged plugin.

Pre-Update Warnings

Before you update a flagged plugin, Observer intercepts the update and shows you what changed — new network destinations, score drops, or behavioral alerts. You decide whether to proceed.

Installation

The Observer plugin is currently being submitted to the Obsidian community plugin directory. In the meantime, you can install it using BRAT (Beta Reviewers Auto-update Tester):

Install BRAT from the Community Plugins browser if you don't have it

Open Settings → BRAT → Add Beta Plugin

Paste plugin-observer/plugin and click Add Plugin

Enable "Plugin Observer" in Settings → Community Plugins

For manual installation, download the latest release from the GitHub releases page and copy main.js, manifest.json, and styles.css to your vault's .obsidian/plugins/observer/ directory.

Configuration

Open Settings → Plugin Observer to configure the plugin. All settings are optional — the defaults work well for most users.

Alert Threshold

Score (0–100) below which a plugin triggers an alert. Default: 50

Pre-Update Warnings

Show a confirmation dialog before updating a flagged plugin. Default: On

Notification Style

Choose between Obsidian notice popups or status bar only. The status bar indicator is always visible regardless of this setting. Default: Notice

Ignored Plugins

Per-plugin toggles to suppress alerts for plugins you trust. Ignored plugins are still scanned but won't trigger notifications. Default: None