ServiceNow

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: servicenow
Version: 1.1.0

The OpenClaw ServiceNow skill is classified as benign. The `scripts/sn.sh` script demonstrates robust security practices, including explicit environment variable checks for credentials, URL encoding of query parameters using `jq` to prevent injection, and JSON validation for payloads. Crucially, destructive operations like `delete` and `batch` require a `--confirm` flag and `batch` defaults to dry-run mode with a safety limit. While the skill provides powerful capabilities such as full CRUD operations and file attachment management (upload/download to/from arbitrary paths), these are legitimate functions for a comprehensive ServiceNow integration and are implemented with safety measures. There is no evidence of intentional harmful behavior, data exfiltration to unauthorized endpoints, malicious execution, persistence mechanisms, or obfuscation. The `SKILL.md` instructions are clear and do not contain any malicious prompt injection attempts against the AI agent.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the configured ServiceNow account has broad permissions, the agent could create, modify, or delete sensitive business records across the instance.

Why it was flagged

The skill exposes broad ServiceNow Table API mutation authority across arbitrary tables rather than limiting itself to a small, predefined workflow or table set.

Skill content
description: "Connect your AI agent to ServiceNow — query, create, update, and manage records across any table ... Full CRUD operations"

Recommendation

Use a dedicated least-privilege ServiceNow integration account, allow only needed tables/actions, and require explicit human approval for create, update, delete, attachment upload/download, and batch operations.

Concern (High Confidence)

ASI08: Cascading Failures

What this means

A single incorrect bulk query could close, update, or delete many ServiceNow records and disrupt ITSM, CMDB, or other business workflows.

Why it was flagged

The batch feature can affect hundreds or thousands of matching records from one encoded query; dry-run and --confirm help, but a mistaken query or overbroad agent action could still propagate widely.

Skill content
sn_batch — Bulk update or delete records ... Runs in dry-run mode by default ... Pass `--confirm` to execute ... safety cap at 10000

Recommendation

Keep dry-run as the default, lower batch limits where possible, inspect matched records before execution, and require a separate human confirmation step for any bulk mutation.

What this means

Using an admin or broadly privileged ServiceNow account would give the agent broad read/write/delete authority.

Why it was flagged

The script requires ServiceNow credentials and uses them for Basic Auth to the configured instance, which is expected but means the agent operates with that account's privileges.

Skill content
: "${SN_INSTANCE:?SN_INSTANCE env var required ...}" ... : "${SN_USER:?SN_USER env var required}" ... : "${SN_PASSWORD:?SN_PASSWORD env var required}" ... AUTH="$SN_USER:$SN_PASSWORD"

Recommendation

Do not use a personal admin account. Create a dedicated API user with least-privilege ACLs, rotate the password, and store credentials securely outside the skill files.

What this means

Users have less provenance information to verify that the reviewed files match the publisher's intended release.

Why it was flagged

The registry metadata does not provide a verified source, which matters more for a high-impact administrative integration, even though the provided artifacts do include a script and no install-time downloader.

Skill content
Source: unknown

Recommendation

Verify the publisher, compare against the advertised GitHub/homepage if available, and prefer pinned, auditable releases for production ServiceNow access.