Security audit
KeplerPlugin
Security checks across malware telemetry and agentic risk
Overview
The plugin’s Kepler save/recall features are coherent, but it is flagged for review because its MCP configuration runs an unpinned remote Python script from GitHub at runtime.
Before installing, be aware that this plugin is designed to connect to Kepler, save links, and recall saved browser-memory links. The main reason to review carefully is that its MCP config runs a raw GitHub script via `uv`; prefer a version that runs a pinned or packaged local script, and make sure you know how to revoke Kepler OAuth access and remove the local token cache.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Static analysis
No suspicious patterns detected.
