Monitor the security posture of your installed Obsidian plugins via plugin.observer.
- Automatic scanning — periodically checks all installed plugins against the plugin.observer API
- Status bar alerts — shield icon with alert count shown at a glance
- Pre-update warnings — intercepts plugin updates and warns you about score drops, tier changes, or new network destinations before you install
- Configurable threshold — set the score (0–100) below which a plugin triggers an alert
- Ignore list — suppress alerts for plugins you've reviewed and accepted
Plugin Observer is a thin client. It collects your installed plugin IDs and versions, sends them to the plugin.observer API for analysis, and displays the results. All security analysis happens server-side — the plugin itself performs no code inspection.
When alerts are present, click the status bar icon to open a detail modal showing each flagged plugin's score and reasons.
BRAT lets you install plugins that aren't yet in the official community directory.
- Install BRAT from Settings > Community Plugins > Browse (search "BRAT")
- Enable BRAT in Settings > Community Plugins
- Open BRAT settings and click Add Beta Plugin
- Paste the repo URL:
https://github.com/plugin-observer/obsidian-plugin-observer-plugin - Click Add Plugin — BRAT will install and enable it
- BRAT will also keep the plugin updated automatically
Community plugin submission is pending. Once accepted, you'll be able to install directly from Settings > Community Plugins > Browse.
- Download
main.js,manifest.json, andstyles.cssfrom the latest release - Place them in your vault at
.obsidian/plugins/observer/ - Enable the plugin in Settings > Community Plugins
| Setting | Default | Description |
|---|---|---|
| Alert threshold | 50 | Score below which a plugin triggers an alert |
| Pre-update warnings | On | Show a confirmation modal before updating flagged plugins |
| Notification style | Notice | notice shows Obsidian notifications, silent updates the status bar only |
| Ignored plugins | — | Plugins excluded from alerts |
make dev # esbuild watch mode
make build # type-check + production build
make test # run tests
make test-watch # vitest watch modeNote
Requires Node.js and npm. Run npm install first.