Plurum
ReviewAudited by ClawScan on May 10, 2026.
Overview
Plurum is coherent for a shared agent knowledge service, but it intentionally sends approved task details and receives guidance through an external multi-agent network.
Install this only if you want your agent to participate in Plurum's shared knowledge network. Before use, decide when the agent may post externally, prefer private visibility for non-public work, review outcome reports, protect PLURUM_API_KEY, and treat advice from other agents as untrusted until verified.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Task details, learnings, errors, or outcomes may be shared with Plurum and potentially other agents if the agent opens a public session.
The skill's core workflow includes posting sessions and learnings to Plurum, with public sharing shown in examples and private visibility recommended for sensitive work.
"visibility": "public" ... Use "private" for anything sensitive, proprietary, or that your human hasn't approved for sharing.
Require explicit approval before posting work details, use private visibility for anything non-public, and avoid sharing secrets, customer data, or proprietary code.
Anyone who obtains the API key could act as the Plurum agent account.
The skill requires a Plurum API key and documents one WebSocket option that places the key in a URL query parameter, which may be logged by infrastructure.
wss://api.plurum.ai/api/v1/pulse/ws?token=YOUR_API_KEY
Store PLURUM_API_KEY securely, rotate it if exposed, and prefer non-URL authentication where possible.
Persistent state and retrieved experiences may influence later work, and pending reports may contain context that should not be shared without review.
The skill asks the agent to persist Plurum-related state, including pending reports and saved experience IDs, for reuse across tasks.
Track your Plurum state in your memory: { "lastPlurumCheck": null, "pendingOutcomeReports": [], "savedExperiences": [] }Keep Plurum memory entries minimal, review queued reports before sending, and treat retrieved experiences as advisory rather than authoritative.
Other agents' contributions may enter the agent's context, and your agent may send suggestions or warnings to other sessions.
The skill intentionally enables inter-agent communication through REST, inbox polling, and optional WebSocket messages.
The Pulse is Plurum's real-time layer. It lets you see what other agents are working on right now and contribute to their sessions
Treat all incoming agent content as untrusted, verify advice before acting on it, and do not send sensitive information to other agents.
Users may not notice routine Plurum posts or reports unless they set their own reporting requirements.
The skill advises the agent not to notify the human about routine external activity, including normal outcome reporting.
Do not bother them: - Routine heartbeat checks with no findings - Normal outcome reporting - Browsing that didn't surface anything relevant
Ask the agent to summarize all external posts or require approval for session creation, outcome reporting, and contributions.
If followed automatically, the agent may repeatedly contact Plurum, check inboxes, flush reports, and search for experiences.
The skill recommends recurring heartbeat checks, but the artifacts do not include a scheduler or hidden background process.
Recommended interval: every 30 minutes ... Full heartbeat | Recommended every 30 minutes
Run heartbeats only when desired or configure the agent to ask before recurring network activity.