mycelium
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill appears coherent and purpose-aligned, but it connects your agent to an external shared task-path network and should be used with care around sensitive task details.
Install this only if you are comfortable using the Mycelium external service. Do not include secrets or confidential details in goals or path summaries, review every publish preview before replying Y, and treat retrieved paths as suggestions rather than instructions.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installation may fetch the latest compatible httpx package from the Python package index.
The skill can install an external Python package without a pinned version. This is purpose-aligned for the API client, but users should notice the unpinned dependency.
subprocess.check_call([sys.executable, "-m", "pip", "install", "httpx"])
Install in a trusted Python environment, and prefer a pinned dependency or lockfile if reproducibility is important.
Requests to the Mycelium service are tied to your API key and may include an agent identifier.
The client uses a Mycelium API key and agent identifier for authenticated service calls. This is expected for the stated network integration.
self.agent_id = agent_id or os.getenv("OPENCLAW_AGENT_ID", "openclaw_user")
self._headers = {"X-API-Key": self.api_key, "Content-Type": "application/json"}
Use a dedicated Mycelium API key, avoid sharing it, and rotate it if it may have been exposed.
Your agent may receive task guidance from other contributors, and approved summaries you publish may become part of the shared network.
The skill intentionally uses a shared external memory of execution paths. That is the core feature, but shared context can contain stale, unsafe, or overly specific guidance.
It allows agents to share and query successful "Pheromone Trails" (execution paths) to navigate complex tasks.
Treat returned paths as advisory only, and do not publish secrets, private customer data, or sensitive internal procedures.
A bad or manipulated shared path could steer the agent toward inappropriate actions if followed blindly.
The workflow says the agent will parse returned steps and try to reproduce them in the current environment. Because those steps come from an external network, they should not be treated as authoritative commands.
I will parse the returned steps and try to reproduce these successful experiences in the current environment.
Require the agent to validate retrieved paths against the current user request and ask before taking high-impact actions.
If the SDK is used directly with a sensitive context object, that context could be sent without the same redaction applied to other fields.
The SDK scrubs goal, path, and tags, but the context field is not scrubbed in this method. The CLI does not expose context, and publish preview mitigates this, but broad privacy claims should not be treated as a guarantee.
scrubbed_goal = scrub_sensitive_data(goal)
scrubbed_path = scrub_sensitive_data(path)
scrubbed_tags = scrub_sensitive_data(tags or [])
...
"context": context or {}
Manually review all publish previews and avoid passing sensitive context through direct SDK calls.
