Outlit MCP

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Outlit MCP setup guide for read-only customer analytics access, with normal credential and config-file risks for this kind of integration.

Install only if you want this agent to access Outlit analytics. Verify the API key comes from Outlit's MCP Integration settings, prefer a least-privilege key if available, keep the key out of shared repositories and chat logs where possible, and ask for bounded queries so customer, user, and revenue data is not pulled more broadly than needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: This skill is explicitly designed to access customer intelligence data and instructs the agent to request and use API credentials, but it does not warn about sensitive-data handling, least-privilege use, or avoiding disclosure of customer records and bearer tokens. In this context, the omission increases the chance that operators or downstream agents expose credentials in chat, logs, config files, or over-broad queries against customer analytics data.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal