Scaling the Ecosystem: The Future of Obsidian Plugins
Obsidian has long been a cornerstone for personal knowledge management, largely due to its extensible plugin ecosystem. However, as the user base grew into the millions and the developer community expanded to thousands, the manual review process for new plugins became a critical bottleneck. To address this, Obsidian has introduced a new community site and an automated review system designed to scale the ecosystem without sacrificing security.
Moving from Manual to Automated Reviews
For a long time, the Obsidian team—a small group of only seven people—handled plugin submissions through a manual review process. As AI-assisted coding made it easier for developers to create plugins, the volume of submissions increased, leading to developer frustration and team burnout.
The new system shifts the burden from manual human oversight to automated checks. This transition is intended to relieve the scaling bottleneck, allowing plugins to be vetted and published more rapidly. According to Obsidian CEO Kepano, this is a "work in progress" that aims to be backwards compatible and easy to adopt while gradually enhancing security and discoverability.
The Security Debate: Automation vs. Sandboxing
While the automation of reviews is a welcome move for developer velocity, it has sparked a significant debate among the technical community regarding the fundamental security model of Obsidian plugins.
The Limits of Automated Scanning
Several users have expressed skepticism about whether automated checks can reliably detect malicious code. A recurring concern is that as AI becomes better at spotting malware, it also becomes better at hiding it.
"I'm not sure that you can use a.i. to defeat a.i., if an ai is able to spot malware in a code, it can just as well hide it (from itself)."
The Call for Sandboxing
Many power users and security-conscious developers argue that the only true solution to plugin security is a robust sandboxing system. Currently, Obsidian plugins have extensive access to the system, which some critics describe as a "click here for RCE (Remote Code Execution)" model.
The community is calling for a more granular permission system that would allow users to:
- Explicitly toggle network requests on or off for specific plugins.
- Restrict file access to only the contents of the vault.
- Prevent plugins from executing external binaries.
Community Perspectives and Friction Points
Beyond the security architecture, the community has highlighted several other areas of friction in the Obsidian experience.
Open Source vs. Proprietary
There remains a persistent tension regarding Obsidian's proprietary nature. Some users refuse to adopt the tool because it is not open source, arguing that while plain-text files are a great start, the software that shapes their daily workflow should be transparent and auditable.
Collaboration and Enterprise Use
While Obsidian is a powerhouse for individual productivity, some users find it lacking in a team or work context. Compared to tools like Notion, Obsidian is perceived as having gaps in collaboration, permissions, and sharing, making it a "non-starter" for some small teams who prefer a single tool for both personal and professional use.
User Experience Hurdles
Feedback from the community also touched on accessibility and platform-specific issues. Some users noted that the new community site is dark mode only, which can be difficult for those with astigmatism. Others pointed out performance issues with the iOS app, specifically regarding plugin loading and the need for manual reloads.
Conclusion
The transition to automated plugin reviews represents a significant milestone in Obsidian's growth. By removing the manual bottleneck, Obsidian is enabling its community of developers to innovate faster. However, the discourse surrounding this update reveals a deeper desire for a more sophisticated security model—specifically sandboxing—and a move toward greater transparency. As the team continues to iterate, the balance between developer freedom and system security will remain a central theme in the evolution of the Obsidian ecosystem.