RC RANDOM CHAOS

Obsidian Launches Automated Plugin Reviews and Safety Scorecards

via Hacker News

Original source

The Future of Obsidian Plugins


Obsidian has launched Obsidian Community, a new directory and developer dashboard replacing its previous GitHub-based plugin submission flow. With over 4,000 community plugins and themes accumulating 120 million downloads, the small Obsidian team had fallen behind on manual reviews — a backlog made worse by AI coding agents accelerating plugin creation. The new system cleared more than 2,300 queued submissions in days and now scans every version, not just initial submissions.

The automated review pipeline checks each release for code quality, policy compliance, and known vulnerabilities, including malware scans for malicious additions. Each plugin gets a safety scorecard visible to users, and manual review is being refocused on high-impact targets: popular plugins, featured projects, and community-flagged issues. Legacy plugins that fail the new checks have been granted temporary exceptions but will eventually be removed from the directory.

Upcoming work targets supply-chain transparency: capability disclosures (network, filesystem, clipboard access) shown before install, verified-author labels, artifact attestation, and team-administration controls for allowlisting plugins and distributing private ones. The shift mirrors broader marketplace trends toward continuous scanning as LLM-generated extensions outpace human reviewers.

This is an AI-generated summary. Read the original for the full story.