KeplerPlugin
Security checks across malware telemetry and agentic risk
Overview
Kepler’s save-and-recall purpose is coherent, but its MCP setup runs an unpinned remote Python script that also handles persistent Kepler OAuth access.
Review before installing. The Kepler functionality itself is consistent with saving and recalling links, but the MCP runner should ideally be pinned to a reviewed version, and you should be comfortable with local OAuth token storage and the assistant accessing your saved Kepler spaces.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The code that runs on the user’s machine could change after this review and may run with access to the local environment and Kepler authentication flow.
The MCP server is launched by downloading and running Python from a mutable GitHub branch URL instead of an immutable commit/tag or the bundled local file, creating a provenance gap for the code that will execute.
"command": "uv", "args": ["run", "https://raw.githubusercontent.com/KeplerBrowser/Plugin/refs/heads/openclaw/mcp-proxy-server.py"]
Prefer a version pinned to an immutable commit or release, or configure the plugin to run the bundled reviewed script; verify the remote source before installing.
After web searches or fetches, the assistant may proactively suggest saving links to Kepler.
The plugin adds a post-WebSearch/WebFetch prompt that can steer the agent to suggest saving useful URLs. It says to offer rather than auto-save, so this is purpose-aligned but still changes agent behavior after web browsing.
"matcher": "WebSearch|WebFetch" ... "offer to save it to the user's space using the mcp__kepler__add_link tool"
Review each save suggestion before approving it, especially for private or sensitive URLs.
Installing and using the plugin can create reusable local OAuth tokens for the user’s Kepler account.
The proxy creates a persistent local token store and passes it into FastMCP OAuth for the Kepler MCP endpoint.
DEFAULT_TOKEN_DIR = Path("~/.fastmcp/oauth-mcp-client-cache").expanduser() ... "token_storage": token_storage
Install only if you trust the Kepler MCP integration, protect the token cache, and revoke/clear tokens if you stop using the plugin.
Saved URLs, titles, spaces, or related context from Kepler may be surfaced during conversations.
The skill can search the user’s persistent saved-link memory based on conversation context, which is aligned with Kepler recall but may bring private saved links into the chat.
"Kepler is a personal memory store for URLs" ... "Derive the search query from the URLs or topic already present in the conversation — do not ask the user for a query."
Avoid storing highly sensitive links in spaces you do not want the assistant to search, and review retrieved results before sharing them further.
