Thank you for the kind words, I’m glad you found it useful :)

As for security vulnerabilities — you can never be sure, but I don’t think Karabiner is sending any information outside of your computer like Grammarly does. And according to this response from its creator: https://groups.google.com/forum/#!topic/osx-karabiner/FJlpy8YEX74 Karabiner stores input events in a privileged process, so it should keep it safe from other, malicious processes.

You can make pretty complex modifications in Karabiner. The UI is not super flexible for that, but you can edit the JSON config file directly. This is how I mapped pressing both Shift keys to Caps lock: https://github.com/switowski/dotfiles/blob/master/.config/karabiner/karabiner.json#L41