Apple Media Remote (for HomePod, Apple TV, etc)
PassAudited by ClawScan on May 1, 2026.
Overview
The skill is a straightforward Apple-media remote, but installing and pairing it lets the agent change playback, power, volume, and reuse local pairing credentials.
This appears coherent for controlling Apple media devices. Before installing, make sure you are comfortable with the agent being able to run atvremote commands, pair with devices, store pairing credentials locally, and change media device state such as playback, volume, power, apps, and speaker outputs.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked, the agent can change playback, volume, power state, app state, output grouping, or stream chosen media to local devices.
The skill documents state-changing commands for local media devices, including volume, power, and streaming a local file. This is expected for a remote-control skill, but it is real device-control authority.
atvremote -n "Kitchen" set_volume=50 ... atvremote -n "Apple TV" turn_off ... atvremote -n "Kitchen" stream_file=/path/to/audio.mp3
Use explicit device names and actions, and review or confirm disruptive commands such as turn_off, high volume changes, speaker grouping, or streaming files.
After pairing, future atvremote commands may control the paired Apple device without repeating the pairing step.
Pairing creates a persistent local credential/config file that can be reused for future control of paired devices. The behavior is disclosed and directly related to the skill purpose.
Some devices (especially Apple TV) require pairing before control ... Credentials are stored automatically in `~/.pyatv.conf` after pairing.
Pair only trusted devices, protect ~/.pyatv.conf, and remove or rotate pairing credentials if you no longer want this access.
Installation will pull the current pyatv package available to pipx, which may change over time.
The skill recommends installing the external pyatv package through pipx without pinning a version. This is central to the stated purpose and user-directed, but users should recognize the dependency provenance.
"command":"pipx install pyatv --python python3.13"
Install from a trusted package source and consider pinning or verifying the pyatv version if you need reproducible behavior.