v0.1.1

ServiceNow Agent

Benign: ClawScan verdict for this skill. Analyzed May 1, 2026, 4:51 AM.

Analysis

This is a coherent read-only ServiceNow CLI skill, but it needs ServiceNow credentials and can read broad ServiceNow records, history, and attachments allowed by that account.

Guidance

Before installing, configure a dedicated read-only ServiceNow account with the smallest necessary permissions, keep credentials secure, confirm the domain is the intended HTTPS ServiceNow instance, and prefer narrow queries with explicit fields and limits.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
SKILL.md
list table lists records from a table ... attach reads attachments and file content ... history table sys_id reads full comment and work note timeline

The skill exposes broad read-only ServiceNow operations, including attachments and full ticket history. This matches the stated purpose, but these reads may contain sensitive business information.

User impact: The agent may retrieve incident details, internal work notes, attachments, or other records available to the configured ServiceNow account.
Recommendation: Limit the ServiceNow account's ACLs, use sysparm_limit and sysparm_fields to minimize returned data, and review requests before using the skill on sensitive tables.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
cli.mjs
const username = args.username || args.user || process.env.SERVICENOW_USERNAME || dotenv.SERVICENOW_USERNAME;
const password = args.password || args.pass || process.env.SERVICENOW_PASSWORD || dotenv.SERVICENOW_PASSWORD;

The CLI uses ServiceNow account credentials from flags, environment variables, or .env. This is expected for ServiceNow access, but the account's ServiceNow permissions determine what data the agent can read.

User impact: If installed with a powerful ServiceNow account, the agent can read any ServiceNow data that account is allowed to access.
Recommendation: Use a dedicated least-privilege read-only ServiceNow account, keep credentials out of shell history where possible, and verify the configured domain uses HTTPS.