Servicenow Docs
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a benign ServiceNow documentation lookup skill; the main things to notice are that it sends queries to ServiceNow and uses a version-ranged npm dependency.
This skill looks appropriate for ServiceNow documentation lookup. Before installing, be comfortable with sending documentation search terms to ServiceNow endpoints, and avoid entering confidential data into queries. For stricter supply-chain hygiene, prefer a version with pinned dependencies and clearer source provenance.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Search terms or requested documentation paths may be shared with ServiceNow-operated services during normal use.
The tool sends user-provided search terms to an external ServiceNow documentation API. This is disclosed and purpose-aligned, but users should know their queries leave the local environment.
let url = `${ZOOMIN_API}?q=${encodeURIComponent(query)}&publication=latest`; ... const response = await fetch(url);Use the skill for documentation lookups, but avoid putting secrets, customer data, or confidential internal details into search queries.
A future install could resolve a newer compatible dependency version than the one originally reviewed.
The package uses a semver caret range rather than an exact pinned dependency. This is a common, low-risk pattern for a small validation dependency, but it can allow future dependency version drift.
"dependencies": { "zod": "^4.3.5" }For stronger reproducibility, pin dependencies exactly or include a lockfile/provenance information when distributing the skill.