ClawHub

PiKVM

v1.0.1

Control and inspect PiKVM devices over the PiKVM HTTP API. Use when asked to operate a PiKVM, query power or HID status, type text or shortcuts remotely, tak...

0· 106·0 current·0 all-time
byCody Cook@didyouexpectthat
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binaries (python3), required env vars (PIKVM_URL, PIKVM_USER, PIKVM_PASS, PIKVM_VERIFY_SSL, PIKVM_USE_BASIC_AUTH), and the included script all map directly to calling the PiKVM HTTP API. Nothing requested appears unrelated to PiKVM control.
Instruction Scope
SKILL.md confines runtime actions to PiKVM API calls via scripts/pikvm_api.py, recommends starting with read-only endpoints, and explicitly demands confirmation for high-impact actions (power, media, switching). The script only reads local files when performing msd-upload (expected) and only communicates with the configured PiKVM URL. It does not instruct reading unrelated system files or exfiltrating data to third-party endpoints.
Install Mechanism
No install spec is provided and no remote downloads are performed by the skill itself; it's instruction-only with a bundled Python script. This is the lower-risk pattern for skills.
Credentials
Requested environment variables are the expected set for authenticating to PiKVM and controlling SSL/auth behavior. The primary credential (PIKVM_PASS) is appropriate. No unrelated secrets or cloud credentials are requested.
Persistence & Privilege
The skill does not request always:true, does not modify other skills' configs, and has no required config paths. It runs on demand and has typical agent-level privileges for an invocable skill.
Assessment
This skill looks coherent with its purpose, but protect the required environment variables (PIKVM_USER/PIKVM_PASS) as they grant control over the target device. Only point PIKVM_URL at hosts you trust. The script can upload local images (msd-upload) and can instruct the PiKVM to fetch remote images (msd-write_remote) — both are normal for this use but can be high-impact, so confirm destructive actions (power cycles, media changes, port switching) with the user before running. If you want extra assurance, review scripts/pikvm_api.py yourself and ensure Python's requests library is available in the execution environment.

Like a lobster shell, security has layers — review code before you run it.

latestvk97arh1705r91ahy0d3vf967mx838zwv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython3
EnvPIKVM_URL, PIKVM_USER, PIKVM_PASS, PIKVM_VERIFY_SSL, PIKVM_USE_BASIC_AUTH
Primary envPIKVM_PASS

Comments