AgentKVM
WarnAudited by ClawScan on May 10, 2026.
Overview
AgentKVM is a disclosed hardware-control skill, but it gives an agent broad real-device control and documents a remotely exposed server with optional authentication.
Install only if you intentionally want an agent to control your connected physical device. Keep sessions supervised, avoid exposing the remote server, use a strong token and firewall if remote access is needed, and require confirmation before sensitive or irreversible actions.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If misused or invoked on the wrong screen, the agent could click, type, or navigate in ways that change accounts, files, settings, purchases, or other real-device state.
The skill explicitly authorizes broad HID-style control of connected physical devices, including sensitive text entry, but the artifacts do not define confirmation, allow/deny scopes, or containment for high-impact actions.
Act — click, type, scroll, or drag based on what you see ... "type my password on the PC"
Use only with trusted devices under supervision, and require explicit user confirmation before entering secrets, changing settings, making purchases, deleting data, or submitting forms.
A misconfigured server could expose the connected device's screen and allow remote typing/clicking from other machines on the network.
The documented server listens on all interfaces by default and only uses authentication when a token is configured, while the same API exposes screenshot and input-control endpoints.
agentkvm serve [--host <addr>] [--server-port <n>] [--token <secret>] ... Starts persistent HTTP server. Default: `0.0.0.0:7070`. ... Authentication: `Authorization: Bearer <token>` header (if token configured).
Do not expose the server to untrusted networks; bind to localhost or a trusted interface, always configure a strong token, use firewall rules, and stop the server when not actively needed.
The real behavior depends on external software that was not part of this review.
The skill depends on a globally installed external npm CLI for the sensitive hardware-control behavior; the reviewed artifact set is instruction-only and does not include the CLI source, lockfile, or pinned package version.
AgentKVM CLI — `npm install -g agentkvm`
Install the CLI only from a trusted source, prefer pinned versions, review the package provenance, and avoid running global installs in sensitive environments without verification.