Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Servicenow Docs
v1.1.0
Search and retrieve ServiceNow documentation, release notes, and developer docs (APIs, references, guides). Uses docs.servicenow.com via Zoomin and developer.servicenow.com APIs for developer topics.
by Seth Rose (@thesethrose)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign, high confidence
Purpose & Capability
Name/description match the implemented behavior: the skill searches docs.servicenow.com (via the Zoomin/search endpoint) and developer.servicenow.com APIs and returns articles/URLs. There are no unrelated credentials, binaries, or config paths requested.
Instruction Scope
SKILL.md and the code instruct the agent only to call ServiceNow search and developer APIs and to fetch article content. There are no instructions to read local files, environment secrets, or unrelated system state, nor to transmit data to third-party endpoints other than ServiceNow domains.
Install Mechanism
There is no install spec (instruction-only style plus an included logic.ts). No external archive downloads or unusual installers are used. package.json lists a benign runtime dependency (zod) but no install script or remote retrieval of arbitrary code.
Credentials
The skill does not request environment variables, credentials, or config paths. The HTTP requests use only public ServiceNow endpoints and standard headers (User-Agent). No secret or unrelated env access is required.
Persistence & Privilege
always:false (default) and the skill does not request any system-wide configuration changes or persistent elevated privileges. It does perform network calls at runtime (expected for this purpose).
Assessment
This skill appears to do what it says: search and fetch ServiceNow docs via ServiceNow-hosted APIs and pages, and it does not ask for credentials or local file access. Before installing, consider: 1) the skill will make HTTP requests to servicenow-be-prod.servicenow.com and developer.servicenow.com — avoid sending sensitive or private data in queries you don't want transmitted; 2) the package includes a code file (logic.ts) bundled with the skill — if you require higher assurance, review the full source (the truncated portion in the provided listing should be inspected) or prefer a skill from a known publisher/homepage; 3) the skill may rely on public ServiceNow endpoints that could change or require authentication in some contexts, so expect occasional failures. If you are comfortable with those tradeoffs, the skill is internally consistent with its stated purpose.
Like a lobster shell, security has layers — review code before you run it.
latest vk97deqt94twsx66nzj3v7m02sn7zatn7
Runtime requirements
📘 Clawdis
