Security audit
KeplerPlugin
Security checks across malware telemetry and agentic risk
Overview
Kepler’s save-and-recall purpose is coherent, but its MCP setup runs an unpinned remote Python script that also handles persistent Kepler OAuth access.
Review before installing. The Kepler functionality itself is consistent with saving and recalling links, but the MCP runner should ideally be pinned to a reviewed version, and you should be comfortable with local OAuth token storage and the assistant accessing your saved Kepler spaces.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Static analysis
No suspicious patterns detected.
