Servicenow

Security checks across malware telemetry and agentic risk

Overview

This ServiceNow skill appears legitimate, but it deserves review because it can create, update, or directly call broad ServiceNow APIs against sensitive business data without documented confirmation safeguards.

Install only if you trust Membrane and intend to give it delegated access to your ServiceNow tenant. Use a least-privileged ServiceNow account, review or pin the CLI package before global installation, and require explicit confirmation before any create, update, delete, user/group, or raw proxy request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill documents create and update actions against live ServiceNow records without requiring confirmation, authorization checks, or warning that these operations modify enterprise systems. In an agent setting, that increases the risk of unintended record creation or alteration from ambiguous prompts or mis-executed workflows.

Missing User Warnings

Medium
Confidence: 95%
Finding
The proxy feature allows direct access to arbitrary ServiceNow API endpoints through an authenticated connection, but the documentation does not warn about destructive methods, mass data access, or privacy-sensitive records. This materially expands the attack surface because an agent can bypass the safer curated actions and issue broad read/write requests to the tenant.

VirusTotal

65/65 vendors flagged this skill as clean.
