Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Outlit Cli

v0.1.0

Use when running Outlit CLI commands, setting up Outlit for AI agents, authenticating with Outlit, querying customer data from the terminal, or troubleshooti...

by Rafael Thayto @rafa-thayto
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description and SKILL.md consistently describe a CLI helper for the Outlit product (auth, customer queries, SQL, and agent setup). That purpose justifies the CLI commands and the need for an API key. However, the SKILL metadata declares no required environment variables or config paths while the SKILL.md explicitly documents OUTLIT_API_KEY and ~/.config/outlit/credentials.json — a mismatch worth noting.
Instruction Scope
The runtime instructions are narrowly focused on running the Outlit CLI and using its commands (including SQL queries against analytics). They explicitly describe where credentials are read/written (flag, env var, credentials.json). This scope is coherent with the stated purpose, but running SQL and listing customer data is inherently sensitive — the skill instructs interacting with potentially sensitive customer data, which is expected for this tool but requires caution.
Install Mechanism
There is no registry install spec; SKILL.md tells users to run `npm i -g @outlit/cli`. That is a typical installation route for a CLI. Because the registry does not provide an install artifact or pin a release, users should treat a global npm install as executing third-party code and verify the npm package and maintainer before installing.
Credentials
The SKILL.md requires/uses an API key (OUTLIT_API_KEY / `--api-key`) and a credentials file (~/.config/outlit/credentials.json), yet the skill metadata lists no required env vars or config paths. This omission reduces transparency. The key format (`ok_...`) and SQL access indicate the skill will be able to access sensitive customer data when authorized — the required secrets are logical for the feature, but the registry should have declared them.
Persistence & Privilege
The CLI exposes `outlit setup` which 'auto-detects and configures AI agents' and lists agent targets (including `openclaw`). That implies the CLI may modify agent configuration or integration settings. The skill metadata does not declare any config-path modifications. This capability is reasonable for a setup tool, but because it may change agent configs and potentially add credentials/integrations, users should verify exactly what `outlit setup` modifies before running it.
What to consider before installing
This skill appears to be a documentation/instruction wrapper for the Outlit CLI and is not obviously malicious, but there are transparency gaps. Before installing or using it:

  1. Verify the npm package @outlit/cli and its maintainer (review package source, release/tag, and recent activity).
  2. Treat API keys as sensitive: prefer a scoped/ephemeral key, store it in env var only for CI, and avoid pasting long-lived keys into unknown systems.
  3. Inspect what `outlit setup` and `outlit doctor` will change — run them in a controlled environment (container/VM) first to see what files/configs are modified.
  4. If you must run queries (outlit sql / customers list), ensure the key has the minimum scope needed and consider limiting access to production data.
  5. Ask the publisher/owner to update registry metadata to declare the OUTLIT_API_KEY and the credentials.json path so permission requests are visible at install time.

Like a lobster shell, security has layers — review code before you run it.

latest vk974v7y2d8awm3tjhtav65n8bd81z7pp

SKILL.md

Outlit CLI

Customer intelligence from the terminal. Install: npm i -g @outlit/cli

All commands support --help for full option details.

Command Reference

Command                                 Purpose
outlit auth login                       Store API key (interactive or --key for CI)
outlit auth logout                      Remove stored key
outlit auth status                      Validate current key
outlit auth whoami                      Print masked key (for scripting)
outlit auth signup                      Open signup in browser
outlit customers list                   List/filter customers with risk signals
outlit customers get <id|domain>        Customer details with optional --include users,revenue,recentTimeline,behaviorMetrics
outlit customers timeline <id|domain>   Activity timeline with channel/event filters
outlit users list                       List/filter users across customers
outlit facts <customer>                 Signals and insights for a customer
outlit search '<query>'                 Natural language search across customer context
outlit sql '<query>'                    SQL against analytics DB (or --query-file)
outlit schema [table]                   Describe analytics tables and columns
outlit setup                            Auto-detect and configure AI agents
outlit setup <agent>                    Configure specific agent: cursor, claude-code, claude-desktop, vscode, gemini, openclaw
outlit doctor                           Diagnose CLI version, auth, connectivity, agents
outlit completions <shell>              Generate shell completions (bash/zsh/fish)

Authentication

API key format: ok_ + 32+ alphanumeric characters.

Credential priority (first match wins):

  1. --api-key flag
  2. OUTLIT_API_KEY env var
  3. ~/.config/outlit/credentials.json (written by outlit auth login)

Quick auth for CI/scripts:

outlit auth login --key ok_your_key_here
# or
export OUTLIT_API_KEY=ok_your_key_here
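
The credential priority and key format above, expressed as a pre-flight check. This is an added example, not part of the Outlit CLI or the original SKILL.md; the function names are hypothetical, and it assumes an empty OUTLIT_API_KEY counts as unset.

```shell
#!/bin/sh
# Added example: report which documented credential source would be used,
# check the key format, and flag a credentials file readable by other users.

# Return 0 if $1 matches the documented format: ok_ + 32 or more alphanumerics.
valid_outlit_key() {
    printf '%s\n' "$1" | grep -Eq '^ok_[A-Za-z0-9]{32,}$'
}

# Print the winning source under the documented priority: flag, env, file, none.
# $1 = value that would be passed to --api-key (may be empty)
# $2 = credentials file path (defaults to the documented location)
outlit_key_source() {
    flag_key=$1
    cred_file=${2:-"$HOME/.config/outlit/credentials.json"}
    if [ -n "$flag_key" ]; then
        echo flag
    elif [ -n "${OUTLIT_API_KEY:-}" ]; then   # assumption: empty means unset
        echo env
    elif [ -f "$cred_file" ]; then
        echo file
    else
        echo none
    fi
}

# Print "ok" if group and others have no access to file $1, otherwise "loose".
cred_file_perms() {
    mode=$(ls -ld "$1" | cut -c5-10)   # group and other bits of e.g. -rw-------
    if [ "$mode" = "------" ]; then echo ok; else echo loose; fi
}

# Report on the current environment.
src=$(outlit_key_source "")
echo "credential source in effect: $src"
case $src in
    env)
        valid_outlit_key "$OUTLIT_API_KEY" ||
            echo "warning: OUTLIT_API_KEY does not match ok_ + 32+ alphanumerics" ;;
    file)
        [ "$(cred_file_perms "$HOME/.config/outlit/credentials.json")" = ok ] ||
            echo "warning: credentials.json is accessible to group or others" ;;
esac
```

A key passed on the command line with --key or --api-key can end up in shell history and the process list, so the environment variable is the safer of the two CI options.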

Output Behavior

  • Interactive terminal: Pretty tables with colors
  • Piped stdout: Automatic JSON (no flag needed)
  • --json flag: Force JSON in any context

This means outlit customers list | jq '.items[].domain' just works.

SQL Tables

Available in outlit sql and outlit schema:

Table                 Contains
events                All tracked events
customer_dimensions   Customer attributes and metrics
user_dimensions       User attributes and journey stages
mrr_snapshots         Revenue over time

Always run outlit schema first to discover columns before writing SQL.

Common Filters

Most list commands share these filters (check --help for specifics):

  • --billing-status PAYING|TRIALING|CHURNED|NONE
  • --no-activity-in 7d|14d|30d|90d / --has-activity-in
  • --mrr-above <cents> / --mrr-below <cents>
  • --search <term>
  • --limit <1-100> / --cursor <token> for pagination
  • --order-by <field> / --order-direction asc|desc

Common Patterns

At-risk paying customers:

outlit customers list --billing-status PAYING --no-activity-in 30d

High-value customer details:

outlit customers get acme.com --include users,revenue,behaviorMetrics

Search for churn signals:

outlit search 'complaints about pricing' --customer acme.com

Revenue query:

outlit sql 'SELECT customer_id, mrr_cents FROM mrr_snapshots ORDER BY mrr_cents DESC LIMIT 10'

Setup all detected agents at once:

outlit setup --yes
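
One way to see what a setup run writes before letting it touch real agent configuration: run it with HOME pointed at a scratch directory and compare file hashes before and after. This is an added example, not part of the Outlit CLI or the original SKILL.md; the function names are hypothetical, and it assumes the tool resolves its paths from HOME / XDG_CONFIG_HOME and that sha256sum is available.

```shell
#!/bin/sh
# Added example: run a command with HOME set to a scratch directory and report
# which files under it were added, modified or removed.

# Print "<sha256>  <path>" for every regular file under directory $1.
snapshot() {
    find "$1" -type f -exec sha256sum {} + | sort -k2
}

# Compare two snapshot files ($1 = before, $2 = after).
compare_snapshots() {
    awk '
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { before[path] = hash; next }
        { seen[path] = 1
          if (!(path in before)) print "ADDED " path
          else if (before[path] != hash) print "MODIFIED " path }
        END { for (p in before) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$2" | sort
}

# audit_run SCRATCH_HOME CMD [ARGS...]
# Seed SCRATCH_HOME with copies of the agent configs you care about first,
# so that edits to existing files show up as MODIFIED.
audit_run() {
    scratch=$1; shift
    before=$(mktemp) && after=$(mktemp) || return 1
    snapshot "$scratch" > "$before"
    # Assumption: the tool derives its config paths from these two variables.
    env HOME="$scratch" XDG_CONFIG_HOME="$scratch/.config" "$@" >/dev/null 2>&1
    status=$?
    snapshot "$scratch" > "$after"
    compare_snapshots "$before" "$after"
    rm -f "$before" "$after"
    return "$status"
}

# Usage: sh audit.sh outlit setup --yes
if [ "$#" -gt 0 ]; then
    audit_run "$(mktemp -d)" "$@"
fi
```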
