Kibana

Security checks across malware telemetry and agentic risk

Overview

This Kibana skill is not deceptive, but it needs Review because it gives an agent broad authenticated Kibana API access, including write and delete methods, without clear safety guardrails.

Install only if you trust Membrane and are comfortable routing Kibana access through it. Use a least-privilege Kibana account or non-production space first, prefer discovered Membrane actions, and require explicit approval before any proxy request that creates, changes, or deletes Kibana content.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly documents a generic proxy request capability that supports arbitrary HTTP methods, headers, and bodies against Kibana endpoints, but does not require confirmation before state-changing operations. In an agent setting, this increases the chance that the model could perform destructive or high-impact actions such as modifying saved objects, alerts, cases, or other records without sufficiently explicit user consent.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal