Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Outlit MCP
v1.0.0Use when querying Outlit customer data via MCP tools (outlit_*). Triggers on customer analytics, revenue metrics, activity timelines, cohort analysis, churn...
⭐ 0· 612·0 current·0 all-time
by@leo-paz
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill purports to provide read-only analytics access to Outlit via MCP tools (outlit_*), which matches the documented tools and queries. However, the SKILL.md explicitly requires an API key and instructs adding an MCP server entry (Authorization: Bearer API_KEY) to local MCP configs/CLI, while the skill metadata declares no primary credential, no required env vars, and no required config paths — an incoherence between declared requirements and actual setup steps.
Instruction Scope
Runtime instructions tell the agent to detect the environment and modify local configuration files (project/.cursor/mcp.json, ~/Library/Application Support/Claude/claude_desktop_config.json, %APPDATA%/Claude/...), or run a CLI command (claude mcp add ...). Those are outside of pure query semantics and grant the skill the ability to write to user config locations unless the agent explicitly asks the user first. The instructions also require asking the user for their API key if not provided, which implies handling secrets during runtime.
Install Mechanism
There is no install spec and no code files to execute — this is instruction-only, which minimizes written-to-disk risk. The skill references an external MCP endpoint (https://mcp.outlit.ai/mcp) but does not instruct downloading arbitrary code.
Credentials
Requesting an Outlit API key is proportional to the stated purpose (service access). However, the skill metadata does not declare any required environment variable or primary credential while the instructions clearly require a secret API_KEY and show writing it into local config files — this mismatch is suspicious and reduces transparency about what secrets will be used/stored.
Persistence & Privilege
always:false (good). But the instructions explicitly tell the agent how to persist the API key into various MCP configuration files and to call a CLI to register the server; that means the skill, if followed automatically, could cause persistent credential storage in user config locations. The metadata didn't disclose these config paths, so the skill would gain persistent presence in user config without that being advertised.
What to consider before installing
Key points before installing/using this skill:
- The skill will ask for and use an Outlit MCP API key and tells the agent how to add it to local MCP config files (project .cursor/mcp.json, Claude desktop config in your OS profile) or call a 'claude mcp add' command. The metadata does not list any required credential or config paths — verify this discrepancy with the publisher.
- Do not paste high-privilege or long-lived org-wide API keys into chat. If you try it, prefer a limited-scope, read-only API key created for this skill and rotate/delete it after testing.
- Confirm the endpoint (https://mcp.outlit.ai/mcp) and the publisher are legitimate. There is no homepage or publisher info in the registry metadata, which reduces transparency.
- The skill's instructions will modify files in your project or user profile if followed. Require the agent to ask for explicit permission before writing to any local files or running the 'claude' CLI. If you do not use Claude or .cursor, those steps are unnecessary — ensure the agent checks first.
- If you want to proceed: ask the publisher to update the skill metadata to declare the API key/primary credential and the config paths it will write to, or run the integration manually yourself (add the MCP server entry) rather than letting the agent modify files automatically.
- If unsure, test in an isolated environment (throwaway account or VM) and limit the API key's permissions to read-only/organization-scoped access.Like a lobster shell, security has layers — review code before you run it.
latestvk977p0eq5w6n0ss84kdb4163j9817ghb
License
MIT-0
Free to use, modify, and redistribute. No attribution required.