김경종
1.9 KiB
1.9 KiB
Privacy
Data Handling
claude-obsidian is a Claude Code plugin and Obsidian vault that runs entirely on your local machine. Your vault is plain Markdown on your own filesystem. The core skill does not collect, transmit, or store any personal data, and there is no telemetry, analytics, or usage tracking.
What Stays Local
- Ingesting sources, answering queries, linting, and updating the hot cache all run inside your local Claude Code session.
- All wiki content (
wiki/) is plain Markdown saved to your local filesystem. - The
/wiki-retrieveBM25 index and optional ollama-based reranking run fully locally. Without an explicit opt-in flag, retrieval never leaves your machine.
Optional Network Egress (opt-in, consent-gated)
Network calls happen only when you explicitly enable them. By default everything is local.
| Feature | Service | Data sent | Gate |
|---|---|---|---|
/wiki-retrieve contextual prefix |
Anthropic API | Wiki page chunks (for prefix generation) | Off by default. Requires the --allow-egress consent flag on scripts/contextual-prefix.py; without it, the tier falls back to claude on PATH or a fully local synthetic prefix. |
/autoresearch |
Web search + fetch | Your research query and fetched URLs | Opt-in; only runs when you invoke the research loop. |
/defuddle |
Web fetch | URLs you ask it to extract | Opt-in; only runs when you invoke it. |
| ollama rerank | localhost only |
Query + candidate chunks | Local by default. Remote ollama hosts are refused unless you pass --allow-remote-ollama. |
Credentials
- API keys (such as
ANTHROPIC_API_KEY) are read from environment variables or your local.env, never hard-coded. - Credentials are never committed to the repository (blocked by
.gitignore). - The included demo vault and configuration ship with placeholder values only.
Security Disclosure
To report a security or privacy issue, see SECURITY.md.