ServiceNow Agent
Pass
Audited by ClawScan on May 10, 2026.
Overview
This appears to be a disclosed read-only ServiceNow CLI, but it uses ServiceNow credentials and can read broad ticket, attachment, and history data.
Before installing, make sure you are comfortable giving this skill read access to ServiceNow through a least-privilege account. Configure only the intended ServiceNow HTTPS domain, keep query limits and returned fields small, avoid broad attachment/history reads unless needed, and ignore any non-GET endpoints present in the reference YAML files.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If installed with a highly privileged ServiceNow account, the agent could retrieve sensitive records, comments, attachments, or catalog data within that account's permissions.
The CLI sends ServiceNow Basic Auth credentials with API requests. This is purpose-aligned, but the credential can expose whatever ServiceNow data that account is allowed to read.
const auth = Buffer.from(`${username}:${password}`).toString('base64');
...
'Authorization': `Basic ${auth}`,
Use a least-privilege read-only ServiceNow account, document the credential requirement in registry metadata, and ensure the configured domain uses HTTPS.
Large or broad queries could place sensitive ServiceNow records or attachment contents into the agent's working context.
The skill exposes broad read operations across ServiceNow tables, batches, attachments, and ticket history. This matches the advertised read-only purpose, but the scope can include sensitive enterprise data.
- list table: lists records from a table
- batch file.json: runs multiple read requests in one call
- attach: reads attachments and file content
- history table sys_id: reads the full comment and work note timeline
Keep sysparm_limit and sysparm_fields narrow, query only necessary tables and records, and avoid running broad batch reads unless the user explicitly asks.
An agent or user relying on the raw reference files instead of the skill instructions could notice write endpoints that are outside the skill's intended scope.
The bundled API reference includes mutating Table API endpoints even though SKILL.md instructs GET-only use. The visible CLI code and instructions appear read-only, so this is an instruction-scope note rather than evidence of mutation behavior.
post:
  description: "Create a record"
...
put:
  description: "Modify a record"
...
delete:
  description: "Delete a record"
Use only the bundled read-only CLI commands and GET endpoints; do not add or invoke POST, PUT, PATCH, or DELETE workflows for this skill.
Users have less independent context for who maintains the skill and where to verify updates.
The registry information does not provide an upstream source or homepage, limiting provenance checks before installation.
Source: unknown
Homepage: none
Review the bundled cli.mjs before use, install only from trusted publishers, and prefer a skill version with a verifiable source repository.
