ClawTouch Open Source — Real hands for an AI agent

OPEN SOURCE · MIT

Real hands
for an AI agent.

ClawTouch is open-core: the hardware, wire protocol, and skill templates are fully open source (MIT), so anyone can verify the USB device is not a backdoor and the protocol is not a black box. The integrated commercial desktop product (hosting, persona/knowledge, app adapters, vision models) stays closed-source. Driving the local machine is the common case; cross-device is an additional capability.

GitHub→ Commercial / OEM

01 — The three repos

Three repos,
all MIT.

The three repos are independent and usable on their own: pre-flashed hardware, one MCP server, a byte-level-public protocol, plus a set of application operator manuals.

MCP server · main entry

clawtouch-mcp

Exposes the hardware as agent tools: move / click / drag / type / key combos / scroll; screenshots are an opt-in extra, off by default. Works with any MCP client or a computer-use loop. A --mock mode runs the full loop with no hardware.

13 HID + 2 device + 1 opt-in screenshot = 16 tools
Windows / macOS / Linux
--mock mode: try it with no hardware

pip install clawtouch-mcp github.com/tinqiao-oss/clawtouch-mcp →

Firmware + protocol

clawtouch-hid

The Raspberry Pi Pico 2 CircuitPython firmware plus the wire protocol, documented down to every byte: a 6-field frame, 15 command codes, frozen as a v1.0 baseline with additive v1.x opcodes. The firmware is a thin frame-to-HID translator.

Protocol frozen and public to the byte
15 command codes · checksummed frames
Install standalone to write your own host

pip install clawtouch-hid-protocol github.com/tinqiao-oss/clawtouch-hid →

Skill templates

clawtouch-skills

Markdown "operator manuals" an LLM reads to learn the real UI paths and known gotchas of specific desktop apps, so it fumbles less. Clone and edit; share your own back.

Pure Markdown — guidance, not code
Seed skills for common office apps
New skills welcome

git clone …/clawtouch-skills github.com/tinqiao-oss/clawtouch-skills →

02 — Protocol

Public to
every byte.

A PING command looks like this — 7 bytes, every one of them documented in the public spec. No black box.

AA	01 00	01	00 00	(none)	AC
preamble	seq	command	length	payload	checksum
1 byte	2 bytes	PING=01	2 bytes	0-1024 bytes	1 byte

Checksum = low 8 bits of the sum of the first 6 bytes (AA+01+00+01+00+00 = AC). 15 command codes total. v1.0 baseline frozen 2026-03-15; v1.1 adds drag primitives without breaking v1.0. Any language can implement a host — not limited to Python, not limited to MCP. Full spec in each repo's docs/protocol-v1.md.

03 — Why this stack

Verify it,
swap any layer.

No black box, no platform lock, no model lock, no board lock — every layer is yours to inspect and replace.

01
Open protocol, frozen to the byte — not a black box.Every byte is in docs/protocol-v1.md; any language can implement a host. Not limited to Python, not limited to MCP, not locked to a third party.
02
Genuine USB HID input, consistent across OSes.It rides the same USB HID driver stack as a normal keyboard and mouse, so the bottom layer is identical on Windows / macOS / Linux — one codebase covers three OSes instead of a per-platform input implementation.
03
Works with any LLM + MCP client out of the box.Claude Desktop / Cursor / Hermes / Cherry Studio and other MCP spec-compliant clients connect directly — no platform lock, no model lock.
04
CircuitPython firmware you can edit and audit.Not a burned-once ASIC — every line of firmware is in clawtouch-hid/firmware/. Edit it, flash it, audit it yourself.
05
A stock Pico 2 board, easy to buy.Not a custom board — a Raspberry Pi Pico 2 is widely available off the shelf.

04 — Autonomy & safety

Real-keyboard reach,
brakes built in by default.

An autonomous agent has the same reach as a person at the keyboard. We ship the brakes on by default and state the risks plainly.

01
Emergency stop + no screen reading by default.hid.release_all drops every key and mouse button at once; unplugging the USB is the physical fallback. Screenshots are off by default (--allow-screenshot to enable) — it does not read your screen unless you ask.
02
Server-side hard limits an LLM can't exceed.--screen clamps coordinates to your screen · --ops-per-sec rate-limits · a 4096-char cap per input — guardrails against misclicks and flooding.
03
This is agent-behavior risk, not a firmware bug.Actions can happen outside your intent (prompt injection / model error / over-broad authorization). Treat on-screen content as untrusted input. Don't use it for anything that violates a target app's terms of service or local law.
04
Deployment advice.A dedicated, least-privilege host · a human in the loop · network isolation — don't run an unknown agent on logged-in, sensitive pages. Full disclosure in each repo's README Safety section.

Get the hardware

Two ways,
both just work.

The hardware layer is open source — flash it yourself, or skip the fuss and buy a pre-flashed kit. The firmware is identical to this repo.

Open source · flash it yourself

Any Pico 2

Grab a stock Raspberry Pi Pico 2 (~$8 from any electronics retailer), follow the three-step clawtouch-hid/docs/flash-guide.md, and you have a working ClawTouch™ HID device. Protocol and firmware are fully open — audit and modify freely.

Flash guide →

Convenience · pre-flashed

ClawTouch™ dev kit

A pre-flashed Pico 2 + USB-C cable + quick-start card in an enclosure — plug in and go, no board-picking or flashing. The firmware matches this open repo byte-for-byte.

Taobao · ships within China →

Outside China, or enterprise / OEM: contact us.

Real handsfor an AI agent.

Three repos,all MIT.