Kibana Data Views
WarnAudited by ClawScan on May 13, 2026.
Overview
The skill mostly matches its Kibana data-view purpose, but it includes overprivileged credential examples and live cleanup scripts that can delete or recreate Kibana configuration without strong safeguards.
Install only if you intentionally want an agent to manage Kibana data views in this Omni-Monitor-style environment. Before use, remove or rotate the shown elastic password if real, use least-privilege HTTPS credentials, run cleanup in dry-run mode first, and manually approve any deletes or recreations.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If copied or invoked, the agent could use or expose a powerful cluster credential and access Kibana saved-object data beyond the intended data-view API scope.
The skill documents use of a hard-coded Elasticsearch elastic-user credential and Kubernetes exec access, which is overprivileged for ordinary Kibana data-view management and is not declared as a required credential.
kubectl exec -n elastic elasticsearch-0 -- curl -s -u 'elastic:Changeme123' 'http://localhost:9200/.kibana/_search?size=100'
Remove hard-coded credentials, rotate the shown password if it is real, declare required authentication, and use a least-privilege Kibana API credential stored in the user's credential manager.
Running the script against a real Kibana instance can change or remove shared dashboard configuration and may break references for other users.
The cleanup script defaults to live mode and performs DELETE calls for corrupt or duplicate data views without an interactive confirmation or backup step.
dry_run = False ... print("[3/4] Cleaning up corrupt and duplicate data views...") ... delete_data_view(kibana_url, dv_id)Make dry-run the default, require an explicit --apply/--confirm flag, show exact IDs to be deleted, and recommend exporting or backing up Kibana saved objects before cleanup.
Credentials or session cookies could be intercepted if the agent connects to Kibana over plain HTTP on an untrusted network.
The documentation pairs HTTP endpoints with session-cookie or Basic authentication; this may be normal on a trusted internal network, but it can expose credentials if used over an unencrypted connection.
Base URL: http://<kibana-host>/api/data_views ... For authenticated requests, use Kibana's session cookie or Basic auth.
Use HTTPS for authenticated Kibana access whenever possible, and avoid pasting session cookies or Basic auth secrets into prompts or logs.