ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

CMDB Compass

The first CMDB governance skill for ServiceNow. Audit, remediate, and govern your CMDB from any AI agent. Health scoring, duplicate detection, relationship a...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 169 · 0 current installs · 0 all-time installs
bynexecute@nexecuteinc
duplicate of @nexecuteinc/cmdb-compass
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (ServiceNow CMDB governance) matches the declared requirements: python/pip and ServiceNow instance credentials. Required binaries and env vars are appropriate for a Python-based ServiceNow client.
Instruction Scope
SKILL.md instructs installing the MCP server, configuring an MCP client with the ServiceNow URL/username/password, and running the Python module. It does not instruct reading unrelated files, exfiltrating data, or contacting unexpected endpoints beyond referenced GitHub/PyPI.
Install Mechanism
Install is via a local script that runs 'pip install cmdb-compass' from PyPI. Installing from PyPI is a standard but higher-trust step than instruction-only skills because package code runs at install / on import. The script does not download from unknown URLs, but installing third-party packages carries the usual supply-chain risk.
Credentials
The skill requires only SERVICENOW_INSTANCE_URL, SERVICENOW_USERNAME, and SERVICENOW_PASSWORD — all directly necessary to access ServiceNow REST APIs. No unrelated secrets or config paths are requested.
Persistence & Privilege
always is false and the skill does not request system-wide config changes. It asks the user to store credentials in the MCP client config (local), which is consistent with its operation and does not appear to grant elevated platform privileges.
Assessment
This skill appears coherent with its stated purpose, but take standard precautions before installing third-party packages: 1) Verify the cmdb-compass PyPI project and associated GitHub repo/maintainers (look for recent activity, vetted owners). 2) Inspect the package source (or run pip install in an isolated environment) because Python packages execute code at install/import. 3) Use a least-privilege ServiceNow account (service account) for the credentials and rotate them if you stop using the skill. 4) If you need higher assurance, review the package code on GitHub or run the MCP server in a restricted host/container rather than on a broadly accessible machine.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.6
Download zip
latestvk976tnnrxtgcbssqp64gs68e2d830n5v

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython3, pip
EnvSERVICENOW_INSTANCE_URL, SERVICENOW_USERNAME, SERVICENOW_PASSWORD

SKILL.md

CMDB Compass

The first CMDB governance skill for ServiceNow.

Audit, remediate, and govern your ServiceNow CMDB from any AI agent. Health scoring, duplicate detection, relationship analysis, stale CI cleanup, and governed remediation with full rollback and audit trail on every write.

Install

clawhub install cmdbcompass

Or manually:

git clone https://github.com/cmdbcompass/cmdbcompass
cd cmdbcompass
bash scripts/install-mcp.sh

Configure

Add to your MCP client config:

{
  "mcpServers": {
    "cmdb-compass": {
      "command": "python",
      "args": ["-m", "servicenow_mcp.server"],
      "env": {
        "SERVICENOW_INSTANCE_URL": "https://your-instance.service-now.com",
        "SERVICENOW_USERNAME": "your_username",
        "SERVICENOW_PASSWORD": "your_password"
      }
    }
  }
}

Works with Claude Desktop, Cursor, VS Code, or any MCP-compatible client.

Capabilities

Audit tools cover health scoring, duplicate detection, relationship integrity, discovery gaps, stale CI identification, and CSDM 5.0 compliance. All audit operations are read-only and unlimited.

Write operations including merging duplicates, retiring stale CIs, bulk field updates, and relationship healing create an immutable audit trail and can be fully rolled back by session.

Requirements

Python 3.10+ and a ServiceNow instance with REST API access.

License

MIT. See LICENSE for details.

Contact

hello@cmdbcompass.com · Issues

Files

3 total
Select a file
Select a file to preview.

Comments

Loading comments…