v0.2.0 · live
CAPFRAME
← leaderboard/rank #62
§ serverregistryfindings.v2

obsidian-mcp

npm:obsidian-mcp@1.0.6

github.com/StevenStavrakis/obsidian-mcp

Score
B80
Findings
5
Tools
12
Last scan
2026-06-05

Severity breakdown

Critical0
High5
Medium0
Low0
Info0

Worst finding

Tool `create-note` name implies a side effect that is not declared

· create-note

`create-note` looks like a side-effecting tool (its name contains a mutation verb), but its `side_effects` declaration is []. A policy synthesizer cannot produce safe rules for this tool because it cannot tell what it actually does.

fix: Declare the tool's true side effects explicitly. If the tool is genuinely read-only, rename it to match (e.g. `email.preview` rather than `email.send`).

All 5 findings

  1. high
    Tool `create-note` name implies a side effect that is not declared· create-noteexcessive agency

    `create-note` looks like a side-effecting tool (its name contains a mutation verb), but its `side_effects` declaration is []. A policy synthesizer cannot produce safe rules for this tool because it cannot tell what it actually does.

    fix: Declare the tool's true side effects explicitly. If the tool is genuinely read-only, rename it to match (e.g. `email.preview` rather than `email.send`).

  2. high
    Tool `edit-note` name implies a side effect that is not declared· edit-noteexcessive agency

    `edit-note` looks like a side-effecting tool (its name contains a mutation verb), but its `side_effects` declaration is []. A policy synthesizer cannot produce safe rules for this tool because it cannot tell what it actually does.

    fix: Declare the tool's true side effects explicitly. If the tool is genuinely read-only, rename it to match (e.g. `email.preview` rather than `email.send`).

  3. high
    Tool `delete-note` name implies a side effect that is not declared· delete-noteexcessive agency

    `delete-note` looks like a side-effecting tool (its name contains a mutation verb), but its `side_effects` declaration is []. A policy synthesizer cannot produce safe rules for this tool because it cannot tell what it actually does.

    fix: Declare the tool's true side effects explicitly. If the tool is genuinely read-only, rename it to match (e.g. `email.preview` rather than `email.send`).

  4. high
    Tool `create-directory` name implies a side effect that is not declared· create-directoryexcessive agency

    `create-directory` looks like a side-effecting tool (its name contains a mutation verb), but its `side_effects` declaration is []. A policy synthesizer cannot produce safe rules for this tool because it cannot tell what it actually does.

    fix: Declare the tool's true side effects explicitly. If the tool is genuinely read-only, rename it to match (e.g. `email.preview` rather than `email.send`).

  5. high
    Tool `remove-tags` name implies a side effect that is not declared· remove-tagsexcessive agency

    `remove-tags` looks like a side-effecting tool (its name contains a mutation verb), but its `side_effects` declaration is []. A policy synthesizer cannot produce safe rules for this tool because it cannot tell what it actually does.

    fix: Declare the tool's true side effects explicitly. If the tool is genuinely read-only, rename it to match (e.g. `email.preview` rather than `email.send`).

How this was scored

Source registry tool surface extracted from the package's README + manifest (R3/R5/R6/R7 fire; schema-dependent rules deferred). Findings are emitted by the public capframe.findings.v1 schema. Score = 100 − (10·Critical + 4·High + 2·Medium + 1·Low), clamped to [0, 100].

Disagree with a finding? Open an issue.