Outlit

Security checks across malware telemetry and agentic risk

Overview

Outlit is a disclosed customer-intelligence integration that can access sensitive business data, with an optional remote shell installer that users should treat carefully.

Install only if you trust Outlit and want your agent to access Outlit customer intelligence. Prefer npm or Homebrew over the remote shell installer if you want a more reviewable setup path, use scoped and revocable credentials where possible, and explicitly approve notification or integration-management actions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill instructs users to run `curl -fsSL https://outlit.ai/install.sh | bash`, which executes a remote script directly in the shell. In this markdown file, there is no nearby warning or disclosure about the integrity and system-impact risks of piping a downloaded script to `bash`.

External Script Fetching

High

Category: Supply Chain
Content: Fast install: ```bash curl -fsSL https://outlit.ai/install.sh | bash ``` Alternative installs:
Confidence: 90% confidence
Finding: curl -fsSL https://outlit.ai/install.sh | bash

Chaining Abuse

High

Category: Tool Misuse
Content: Fast install: ```bash curl -fsSL https://outlit.ai/install.sh | bash ``` Alternative installs:
Confidence: 70% confidence
Finding: | bash

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal