Outlit Cli

Review

Audited by ClawScan on May 10, 2026.

Overview

This is mostly a coherent Outlit CLI reference, but it deserves review because it can access customer data and includes a no-confirm command to configure all detected AI agents.

Install only if you intend to use Outlit CLI with your Outlit account. Be careful with API keys and customer-data outputs, and avoid the broad `outlit setup --yes` path unless you understand exactly which AI-agent configurations it will change.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (Medium Confidence)
ASI02: Tool Misuse and Exploitation
What this means

Running this command could change multiple AI-agent environments at once without a per-agent review prompt.

Why it was flagged

The skill documents a no-confirm setup command that can configure every detected AI agent. That is purpose-related, but it is broad and lacks details about which agents/files are changed, what permissions are needed, or how to review and undo the changes.

Skill content

`outlit setup` | Auto-detect and configure AI agents ... **Setup all detected agents at once:** `outlit setup --yes`

Recommendation

Prefer configuring a specific agent, such as `outlit setup openclaw`, and avoid `--yes` unless you have reviewed what the CLI will modify and know how to roll it back.

What this means

Anyone or any process with access to the stored key or environment variable may be able to query the associated Outlit account.

Why it was flagged

The skill uses an Outlit API key and can store it locally. This is expected for the Outlit CLI, but the registry metadata does not declare a primary credential or env vars.

Skill content

`outlit auth login` | Store API key ... Credential priority: `--api-key` flag, `OUTLIT_API_KEY` env var, `~/.config/outlit/credentials.json`

Recommendation

Use least-privileged API keys if available, avoid putting real keys in shared shell history or logs, and run `outlit auth logout` when the integration is no longer needed.

What this means

Sensitive customer or business information could be displayed in chat, terminal logs, shell history, or copied into later agent context.

Why it was flagged

The documented commands can retrieve customer, user, revenue, event, and behavioral context into the terminal and potentially into the agent conversation.

Skill content

`outlit customers get <id|domain>` ... `--include users,revenue,recentTimeline,behaviorMetrics`; `events` | All tracked events; `outlit search '<query>'` | Natural language search across customer context

Recommendation

Query only the customers and fields needed, avoid pasting sensitive outputs into unrelated chats, and treat CLI results as confidential business data.

What this means

The security of the installed CLI depends on the npm package and its dependencies, which were not reviewed here.

Why it was flagged

The reviewed skill contains only instructions and tells users to install a global npm CLI package whose source code is not included in the artifacts.

Skill content

Customer intelligence from the terminal. Install: `npm i -g @outlit/cli`

Recommendation

Install only from the expected npm package, verify the publisher/version where possible, and consider pinning a known-good version in managed environments.