Plugin v0.1.0
ClawScan security
Clawhub Github Publish IYLRMS · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 5, 2026, 5:58 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: Files and runtime instructions align with a Kepler bookmark/memory plugin: it opens an OAuth session with keplerbrowser.com and proxies an MCP endpoint via a local stdio bridge; nothing requested is disproportionate to that purpose.
- Guidance: This skill appears to do what it says: bridge your agent to Kepler's hosted MCP so the agent can save and recall links. Before installing or running it:
  1) Confirm you trust keplerbrowser.com and review their privacy policy (the plugin contacts https://app.keplerbrowser.com/mcp).
  2) Be aware the proxy will open a browser for OAuth and a token will be cached at ~/.fastmcp/oauth-mcp-client-cache. Deleting that file revokes local access only: the authorization itself stays valid on Kepler's side until it expires or is revoked there.
  3) The runtime uses a PyPI package (fastmcp>=3,<4) fetched when you run the proxy; inspect that package and its source if you have supply-chain concerns.
  4) The plugin requests read/write capabilities to your stored links (normal for a bookmark/memory tool), so only proceed if you want the agent to be able to save and retrieve your links.
  If you want more assurance, review the small run_proxy.py and the SKILL.md instructions; no other hidden endpoints or unrelated credentials were found.
Review Dimensions
- Purpose & Capability
- ok: The name/description (Kepler: save links, recall browser memory) match the files and declared tools (add_link, list_spaces, search_links) and the proxy to a Kepler MCP server (app.keplerbrowser.com/mcp). No unrelated credentials, binaries, or capabilities are requested.
- Instruction Scope
- note: SKILL.md instructs running skills/proxy-stdio/scripts/run_proxy.py with fastmcp to create a stdio proxy to the Kepler MCP server. This requires opening a browser for OAuth and will cache a token at ~/.fastmcp/oauth-mcp-client-cache; those behaviours are expected for an OAuth-backed connector but are notable because they create persistent credentials on disk and perform network I/O to keplerbrowser.com.
- Install Mechanism
- note: There is no bundle install spec, but the runtime instruction tells users to run via 'uv run --with "fastmcp>=3,<4"', which fetches fastmcp from PyPI at runtime and, because it is a version range rather than a pinned release, resolves to whatever 3.x build PyPI serves at that moment. Using PyPI packages is normal here, but fetching third-party packages at run time is a moderate risk compared with instruction-only skills; verify the fastmcp package source and integrity before running, and prefer pinning an exact version (with hashes if your tooling supports it) over the open range.
- Credentials
- ok: The skill declares no required environment variables or unrelated credentials. The only credentialing is OAuth to the Kepler MCP (auth handled by fastmcp), which is proportional to a service that needs read/write access to a user's saved links.
- Persistence & Privilege
- note: The always flag is false and the skill is user-invocable. The notable persistent behavior is the OAuth token cache written to ~/.fastmcp/oauth-mcp-client-cache (documented in SKILL.md). That is expected for convenience but means the plugin retains access until the token expires or the file is removed.
