Kibana Saved Objects

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The visible artifacts are consistent with a Kibana Saved Objects helper. The skill can change, overwrite, or delete Kibana dashboards and related objects, so it should only be used against the intended Kibana instance.

Before installing or using this skill, confirm the Kibana URL is correct, prefer a least-privilege account or test environment, and make backups before import, overwrite, delete, or bulk operations.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the wrong operation or targeting the wrong object could change or delete shared Kibana content.

Why it was flagged

The skill intentionally exposes mutating Kibana Saved Objects operations. This is aligned with the stated purpose, but mistakes or overbroad use could alter or remove dashboards, Lens visualizations, saved searches, or data views.

Skill content

Key operations: create, update, delete, bulk_create, bulk_get, export, import_objects.

Recommendation

Use explicit object IDs and target URLs, export backups before imports/deletes, and require human review for delete, overwrite, or bulk operations.

What this means

If pointed at a production or broadly accessible Kibana instance, the scripts may act with the permissions available to that connection.

Why it was flagged

The skill does not declare or store credentials, so authority depends on whatever access the target Kibana endpoint allows. For a management API, users should still treat the target endpoint and any ambient authentication as a permission boundary.

Skill content

Primary credential: none; Required env vars: none

Recommendation

Use a least-privilege Kibana account or restricted network access, and avoid running against production unless the requested change is intentional.