Back to skill
Skillv0.1.1
VirusTotal security
ServiceNow Agent · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMay 1, 2026, 3:02 AM
- Hash
- a4840a7570c7b3a0f69ef8ee9d08280e629fe3a8c3a97dbf27ffd1c95b0116e2
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: servicenow-agent Version: 0.1.1 The skill is designed for read-only access to ServiceNow APIs, a claim consistently reinforced in the `SKILL.md` documentation and strictly enforced by the `cli.mjs` code. While the underlying OpenAPI specifications (`references/*.yaml`) define POST, PUT, and DELETE endpoints, the `cli.mjs` script explicitly implements and allows only GET operations for all API interactions, preventing any write or modification actions. File system access is limited to reading `.env` and batch JSON files, and writing downloaded attachment content to a user-specified path, which is a legitimate function for a download utility. There is no evidence of prompt injection attempting to subvert the agent's behavior, data exfiltration to unauthorized endpoints, or malicious execution.
- External report
- View on VirusTotal