Mycelium

Review

Audited by ClawScan on May 13, 2026.

Overview

This skill is coherent with its stated purpose, but it relies on a third-party CLI and shared persistent agent memory, so users should only use it with trusted rooms and backends.

Before installing, make sure you trust the Mycelium Homebrew tap, binary, and configured backend. Only allowlist the agents that should use Mycelium, and treat room memory as shared persistent plaintext rather than a private secret store.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the skill means trusting the Mycelium tap and binary to run on your machine.

Why it was flagged

The skill installs an external binary from a non-official Homebrew tap; the artifact discloses this and recommends review.

Skill content

Third-party tap: `mycelium-io/tap` is not an official Homebrew tap. Before installing, review the tap repo and release artifacts...

Recommendation

Review the tap, project repository, and release artifacts before installing, and only install from sources you trust.

What this means

Allowed agents may join rooms, read/write room memory, and coordinate through Mycelium with fewer approval prompts.

Why it was flagged

The setup can allow selected agents to run the Mycelium CLI without prompting for every command, which is expected but grants ongoing command access for this tool.

Skill content

allowlist the mycelium binary for each agent that needs to run mycelium commands — scoped per-agent

Recommendation

Only allowlist agents that should participate in Mycelium rooms, and remove the allowlist entry if you no longer want that access.

What this means

Secrets, private data, or incorrect instructions placed in room memory could be readable locally, synced remotely, and influence later agent work.

Why it was flagged

The skill intentionally stores persistent shared memory in plaintext files and syncs it to a backend, so sensitive or misleading content could persist and be reused.

Skill content

Memories are written as plaintext markdown files under `~/.mycelium/rooms/{room}/`... Room sync pushes/pulls these files to/from the backend via HTTP

Recommendation

Do not store secrets, credentials, or PII in room memories; use trusted backends and periodically review or prune shared memory.

What this means

Messages and shared room content may be visible to other participating agents or systems connected to the same backend.

Why it was flagged

The skill enables communication among agents through rooms and direct messages; this is the stated purpose but depends on trusted participants and backend boundaries.

Skill content

Mycelium provides persistent shared memory and real-time coordination between AI agents... agents can DM each other via `@handle` mentions

Recommendation

Use rooms only with trusted agents and a trusted, access-controlled backend.

What this means

A bad or accidental memory update could spread to other agents or sessions that rely on the same room.

Why it was flagged

Room memory changes can automatically enter the shared coordination context and propagate across agents or machines.

Skill content

Direct file writes from any tool participate in the room automatically... `git push` / `git pull` shares a room across machines or agents

Recommendation

Use separate rooms for separate projects, review shared memory changes, and avoid syncing untrusted room contents.