Apple TV
PassAudited by ClawScan on May 1, 2026.
Overview
The artifacts look like a straightforward Apple TV remote-control skill, but it requires a local pyatv install and Apple TV pairing credentials that can control the device.
This appears safe to install if you want Claw to act as an Apple TV remote. Before installing, make sure you trust the pyatv dependency, protect the appletv.json credentials file, and be comfortable with the agent being able to pause playback, launch apps, change volume, and power the TV on or off.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could pause playback, navigate, change volume, launch apps, or put the TV to sleep when a matching request is handled.
The skill exposes state-changing Apple TV actions such as power control and launching apps. This matches the stated remote-control purpose, but users should notice that installing it gives the agent practical control over the device.
scripts/appletv.py turn_off # Put to sleep scripts/appletv.py app Netflix
Install only if you want the agent to control this Apple TV, and consider asking for confirmation before disruptive actions like power, app launch, or navigation in shared spaces.
Anyone who can access the configured local account or credential file may be able to control the paired Apple TV through this skill.
The helper loads Apple TV pairing credentials from local config files and passes them to atvremote. This is expected for controlling a paired Apple TV, but it is still credential-backed device authority.
CONFIG_PATHS = [Path.home() / "clawd" / "config" / "appletv.json", Path.home() / ".config" / "clawdbot" / "appletv.json"] ... cmd.extend(["--companion-credentials", creds["companion"]])
Keep the Apple TV config file private, review both supported config paths, and only store credentials for the intended device.
The behavior depends on the installed pyatv/atvremote package and whatever version pipx resolves at install time.
The setup requires installing an external pyatv package without a pinned version in the provided instructions. This is central to the skill's purpose, but users should be aware of the dependency provenance.
pipx install pyatv --python python3.11
Install pyatv from a trusted package source, consider pinning a known-good version, and keep the dependency updated intentionally.
If the wrong atvremote binary is installed or found first, the skill's commands could behave differently than expected.
The script executes the local atvremote CLI as its control mechanism. This is expected for a pyatv wrapper, but it means the installed local binary and PATH resolution matter.
result = subprocess.run(cmd, capture_output=True, text=True)
Use the documented pipx installation and verify that the atvremote binary being invoked is the one installed by pyatv.