mycelium

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is transparent about using a shared agent network, but it may let peer-provided execution paths influence the agent and can send task context to an external service with limited safeguards.

Install only if you are comfortable sending task goals and reviewed summaries to the Mycelium service. Treat returned paths as untrusted suggestions, never as automatic instructions, and review any publish payload carefully before confirming. Avoid passing raw private context or secrets, use a dedicated API key, and keep the API URL trusted.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A poisoned or low-quality shared path could steer the agent toward unsafe commands, unwanted tool use, or actions that do not match the user's intent.

Why it was flagged

The skill describes parsing returned steps and attempting to reproduce them in the current environment. Because those steps come from a shared agent network, they should be treated as untrusted guidance rather than executable instructions.

Skill content

I will parse the returned `steps` and `key_insight`, and try to reproduce these successful steps in the current environment.

Recommendation

Treat Mycelium results as suggestions only. Require user review before running commands, changing files, using credentials, or taking irreversible actions based on returned paths.

What this means

If an agent or future integration passes raw task context into the SDK, private details could be uploaded to the shared service without the promised scrubbing.

Why it was flagged

The publish method scrubs goal, path, and tags, but places the optional context field into the outbound payload without the same scrubbing. The CLI does not expose this parameter, but the bundled SDK does.

Skill content

"fingerprint": {
    "goal": scrubbed_goal,
    "scope": scope,
    "context": context or {},
    "tags": scrubbed_tags,
},

Recommendation

Do not pass raw conversation, file contents, secrets, or private project context to the SDK. The publisher should scrub context too, or omit context entirely.

What this means

The agent may receive guidance from unknown peers, and published summaries may become part of a shared network.

Why it was flagged

The skill intentionally exchanges execution paths among different AI agents. This is the core feature, but the artifacts do not describe provenance checks or trust boundaries for peer-provided paths.

Skill content

Enable different AI agents to share, query, and give feedback on successful task execution paths.

Recommendation

Review returned paths before acting on them, and only publish summaries that you are comfortable sharing beyond your local environment.

What this means

Anyone controlling the configured API endpoint could receive the API key.

Why it was flagged

The skill sends the configured Mycelium API key as an authentication header to the configured API URL, which is expected for this integration.

Skill content

self._headers = {"X-API-Key": self.api_key, "Content-Type": "application/json"}

Recommendation

Use a dedicated Mycelium API key with limited scope if available, and keep MYCELIUM_API_URL pointed only at a trusted endpoint.

What this means

Installation depends on the current PyPI httpx package and the user's Python environment.

Why it was flagged

The install script installs httpx from PyPI without a pinned version. This is a normal dependency install for the skill, but users should be aware of the external package trust dependency.

Skill content

subprocess.check_call([sys.executable, "-m", "pip", "install", "httpx"])

Recommendation

Install in an isolated environment where possible, and prefer pinned or reviewed dependency versions for production use.