Kibana

Security checks across malware telemetry and agentic risk

Overview

The skill is a transparent Kibana integration, but it exposes a broader and more side-effect-capable API surface than its headline description clearly scopes.

Install only if you trust Maton to broker your Kibana access. Use a dedicated least-privilege Kibana API key, avoid admin credentials, review exact resource IDs and connector payloads before approving any write or execute action, and remove the Maton connection when finished.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 90% confidence
Finding: The skill advertises a scoped Kibana integration for saved objects, dashboards, data views, spaces, alerts, and fleet, but the documented API surface also exposes connectors/actions, security role inspection, and cases endpoints. This scope expansion increases the reachable privilege and data surface beyond user expectations and makes it easier for an agent to perform sensitive operations not clearly justified by the manifest.

Context-Inappropriate Capability

High

Confidence: 96% confidence
Finding: Connector execution allows the skill to trigger external side effects, such as sending emails or invoking other action backends, which goes beyond the stated Kibana resource-management purpose. In an agent context, this can turn a nominal observability integration into an outbound action primitive capable of data exfiltration, alert spam, or unauthorized workflow triggering.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal