Scan Report
5 /100
mycelium
Use the mycelium CLI to join coordination rooms, negotiate with other agents via CognitiveEngine, and share persistent memory across sessions.
This skill is a pure documentation file describing usage of an external CLI tool. No code execution, credential harvesting, or hidden behavior detected.
Safe to install
No action needed. Skill is safe to use as documented.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | Describes reading ~/.mycelium/rooms/ files for memory operations |
| Network | READ | READ | ✓ Aligned | Describes HTTP sync to MYCELIUM_API_URL backend |
| Environment | READ | READ | ✓ Aligned | Declares MYCELIUM_API_URL, MYCELIUM_AGENT_HANDLE, MYCELIUM_ROOM |
| Shell | NONE | NONE | — | No shell commands executed by this skill documentation |
| Skill Invoke | NONE | NONE | — | Skill only documents CLI usage, no cross-skill invocations |
File Tree
1 files · 8.0 KB · 205 lines Markdown 1f · 205L
└─
SKILL.md
Markdown
Security Positives
✓ Documentation-only skill with no executable code
✓ All filesystem access clearly declared (read-only ~/.mycelium/rooms/)
✓ Network access declared (MYCELIUM_API_URL) with security guidance
✓ Explicit warning about third-party Homebrew tap risks
✓ No credential exfiltration - auth handled by backend deployment
✓ No obfuscation, base64, or eval patterns
✓ No sensitive path access (.ssh, .aws, .env)
✓ No supply chain risks (no dependencies or scripts)
✓ Clear documentation of data storage behavior and security implications