ToolProof Trust Profile

ai-smithery-sunub-obsidian-mcp-server

Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.

100risk score
Review Firstconnection signal
destructive_capabilityrisk type
71evidence score
Source: https://github.com/sunub/obsidian-mcp-server
Registry: ai.smithery/sunub-obsidian-mcp-server 1.0.0

Connection signal

Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.

Observed tools

  • None observed in this static profile.

Top findings

  • Detected capability: shell_execution — src/cli/context/KeypressContext.util.ts:200
  • Detected capability: filesystem_write_delete — src/cli/services/InputOffloadService.ts:1
  • Install risk pattern: unpinned_dependency — bun.lock:7

Recommended controls

  • Install in a sandbox before team or production use.
  • Pin the exact package/repository version.
  • Review install scripts, Dockerfile behavior, and dependency pins.
  • Do not use production credentials during first install.
  • Restrict filesystem, repository, cloud, and database scope.
  • Require human approval for destructive actions.

Static analysis can miss behavior. This profile is an connection review signal, not production approval.