For KVM gateway, the XML file needs to have the clipboard set to off for the gateway (it is default on currently for 126.96.36.199.1) . Klipper in the gateway sits there collecting the entire contents of everything copy-pasted in the host. Also, Klipper really shouldn't auto-start in the gateway, and probably not in the workstation; it just makes clipboard history that much easier to access for exploit.
Hello HawKing. The reason we decided to enable it for the gateway is because it makes it easier to paste bridge addresses. The GW is considered part of the trusted computing base and if it isn't you will have much bigger problems that it just seeing clipboard input.