Outlit SDK
PassAudited by ClawScan on May 5, 2026.
Overview
This is a coherent instruction-only guide for adding Outlit analytics, but using it may change app code and send visitor, user, customer, or billing-related tracking data to Outlit.
Before installing, make sure you want the agent to add Outlit analytics code to your app. Review all dependency and source-code changes, provide only the intended public Outlit key, and confirm what visitor, user, customer, and billing-related data may be sent to Outlit.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may modify package files and application setup to add Outlit SDK dependencies.
The skill may lead an agent to run package-manager installs in the user's repository. This is expected for an SDK integration guide, but it changes dependencies and should be reviewed.
Install with the detected manager. Prefer `bun add` when the repo is a Bun workspace.
Review dependency changes and code diffs before accepting them, especially in production applications.
The target app may start associating activity with user emails, IDs, fingerprints, or customer IDs in Outlit.
The guide configures an Outlit project key and user/customer identifiers for tracking. The visible instructions emphasize public keys and warn against private keys, so this appears purpose-aligned rather than abusive.
Ask for the Outlit public key from **Outlit dashboard -> Settings -> Website Tracking** ... Server `track()` requires at least one of `email`, `userId`, `fingerprint`, or `customerId`.
Confirm the Outlit public key belongs to the intended project, avoid private keys unless separately justified, and only send identifiers that are approved for analytics use.
Visitor, product, identity, customer, and possibly billing-related activity may be stored and reused in Outlit analytics.
The skill's intended data flow is persistent analytics/context storage in Outlit. This is central to the skill, but users should treat it as sensitive telemetry handling.
adding product and website tracking to the Outlit customer context graph
Use consent controls, minimize tracked properties, avoid sensitive personal data where possible, and align the integration with your privacy and retention requirements.