Back to plugin

Security audit

KeplerPlugin

Security checks across malware telemetry and agentic risk

Overview

The plugin’s Kepler save/recall features are coherent, but it is flagged for review because its MCP configuration runs an unpinned remote Python script from GitHub at runtime.

Before installing, be aware that this plugin is designed to connect to Kepler, save links, and recall saved browser-memory links. The main reason to review carefully is that its MCP config runs a raw GitHub script via `uv`; prefer a version that runs a pinned or packaged local script, and make sure you know how to revoke Kepler OAuth access and remove the local token cache.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

No suspicious patterns detected.