Skip to content


Switch branches/tags

Latest commit


Git stats


Failed to load latest commit information.


Are you scared to use many public plugins just because they can harm your server? Want to monitor and/or restrict Internet activity, file access and other stuff for certain plugins? That's all exactly what Keiko comes for.

→ Keiko on SpigotMC

Keiko is capable of:

  • inspecting bytecode of plugins at startup and check them for potentially unsafe operations or malware, including "Force-OP";

  • monitoring and restricting nearly every single action plugins do, including network connectivity, file access, natives linkage, and more, with an easy to use and understand rules syntax;

  • checking the integrity of installed plugins, ensuring they are not artificially modified or infected;

  • detecting suspicious behavior of plugins at run-time, and sometimes even remediating the damage they've done.


Keiko is not a plugin! Please visit the Installation Instructions page for a complete guide on getting started with Keiko.

Configuration, help and troubleshooting

Building (Gradle)

To build Keiko yourself from source:

  1. Clone or download this repository, cd into it.
  2. Run ./gradlew shadowJar.
  3. Wait a little bit.
  4. Grab the built JAR file in build/libs/.
  5. Profit!

Note: Keiko is built against Java 8, but, as it works perfrectly with Java 16 runtime, in theory, it should be possible to build Keiko against newer Java versions as well.

echo "Cloning Keiko..."
git clone
cd keiko-plugin-inspector
echo "Building Keiko..."
./gradlew shadowJar

echo "Done! You can find the output JAR in build/libs/"
echo "Use './gradlew shadowJar' in Keiko's root folder (you are browsing it at the moment) whenever you want to rebuild Keiko from source."