kwin-mcp
kwin-mcp is an MCP (Model Context Protocol) server for Linux KDE Plasma 6 on Wayland that enables AI agents to start isolated virtual KWin sessions (or connect to live sessions) and automate desktop GUI interactions. It provides MCP tools for session management, UI observation via AT-SPI2 accessibility trees and screenshots, and action injection via KWin’s Emulated Input Server (EIS)/libei, covering mouse, keyboard, touch, clipboard, window management, and some advanced D-Bus/diagnostic utilities.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Local automation tool with powerful input injection capabilities. README does not document authentication/authorization controls for MCP access; security largely relies on local process execution permissions and session isolation choices. It claims isolation via dbus-run-session + virtual KWin and optional home isolation (isolate_home), which is a positive security model, but there is no explicit discussion of permission boundaries, audit logging, or safe handling of sensitive UI/clipboard data. Dependencies listed include mcp, PyGObject, dbus-python, Pillow; no vulnerability/CVE posture is provided.
⚡ Reliability
Best When
You control the host environment and want an agent to run GUI automation inside isolated KWin Wayland sessions on KDE Plasma 6, using accessibility trees for robust element targeting.
Avoid When
You need a hardened, auth-gated service exposed to untrusted networks/clients, or you cannot run the required KDE/Wayland/EIS/AT-SPI2 components.
Use Cases
- • End-to-end GUI testing for Wayland apps on KDE Plasma in isolated virtual sessions
- • AI-driven desktop automation using structured accessibility trees
- • Live desktop collaboration/automation by attaching to an existing KWin session (including containerized ones)
- • Headless-ish CI/CD style desktop testing using virtual KWin compositors
- • Kiosk/embedded device UI automation on KDE Plasma/Wayland
Not For
- • Secure remote multi-tenant deployments without additional network/isolation controls
- • Environments that require strong user-consent prompts for input injection
- • Non-KDE/Wayland systems (or non-Plasma 6 Wayland setups) where KWin EIS/libei/AT-SPI2 integration may not apply
- • Use as a general-purpose web/API service over HTTPS (it is a local MCP stdio server)
Interface
Authentication
The README emphasizes 'zero authorization prompts' by using private KWin/EIS D-Bus interfaces, but it does not describe any authentication/authorization mechanism for controlling the MCP server itself. In practice, auth likely depends on who can execute/use the local process and access the user session/DBus.
Pricing
Open-source MIT package; no pricing model indicated.
Agent Metadata
Known Gotchas
- ⚠ Input injection targets are best derived from accessibility_tree/find_ui_elements; coordinate-based actions may be brittle across window layouts/resolutions.
- ⚠ Session lifecycle matters: session_stop behavior differs between virtual (terminates KWin/apps) and live (disconnects only).
- ⚠ Clipboard tools require enable_clipboard=true in session_start (and wl-clipboard installed).
- ⚠ keyboard_type_unicode may depend on wtype or clipboard fallback utilities being installed.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for kwin-mcp.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-30.