Servicenow

41 tools. 13 can modify or destroy data without limits.

2 destructive tools with no built-in limits. Policy required.

Last updated:

13 can modify or destroy data
28 read-only
41 tools total

Community server · catalogue entry verified 03/07/2026

How to control Servicenow ↓

What Servicenow exposes to your agents

Read (28) Write / Execute (11) Destructive / Financial (2)
Critical Risk

The most dangerous Servicenow tools

13 of Servicenow's 41 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Servicenow

PolicyLayer is an MCP gateway — it sits between your AI agents and Servicenow, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "servicenow_bulk_delete": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "servicenow_add_work_note": {
    "limits": [
      {
        "counter": "servicenow_add_work_note_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "servicenow_aggregate": {
    "limits": [
      {
        "counter": "servicenow_aggregate_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Servicenow — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON SERVICENOW →

Instant setup, no code required.

All 41 Servicenow tools

READ 28 tools
Read servicenow_aggregate Calculate COUNT, SUM, AVG, MIN, or MAX on any ServiceNow table — optionally grouped by a field. Uses the Serv Read servicenow_discover_tables Search and list ServiceNow tables by name, label, or scope. Useful for exploring the data model. Args: - se Read servicenow_get_attachment_content Download the content of a file attachment by its sys_id. Args: - sys_id (string): sys_id of the attachment Read servicenow_get_catalog_item Get full details of a service catalog item including its variables/form fields. Args: - identifier (string) Read servicenow_get_change Get full details of a ServiceNow change request by number (CHG...) or sys_id, including implementation, backou Read servicenow_get_ci Get detailed information about a specific CMDB configuration item by name or sys_id. Args: - identifier (st Read servicenow_get_ci_relationships Traverse CMDB CI relationships from a starting configuration item. Supports recursive traversal up (dependenci Read servicenow_get_group_members Get all members of a ServiceNow user group. Args: - group_identifier (string): Group name, sys_id, or parti Read servicenow_get_incident Get full details of a single ServiceNow incident by number (e.g., INC0012345) or sys_id. Args: - identifier Read servicenow_get_instance_info Return instance version, cluster nodes, recent upgrades, and key configuration properties. No arguments requi Read servicenow_get_kb_article Get the full content of a knowledge base article by number (KB...) or sys_id. Args: - identifier (string): Read servicenow_get_record Retrieve a single ServiceNow record by sys_id from any table. Args: - table (string): Table name (e.g., inc Read servicenow_get_table_schema Inspect the field definitions (schema) of any ServiceNow table. Returns field names, types, labels, mandatory Read servicenow_get_user Get a ServiceNow user by username, email, or sys_id. Args: - identifier (string): Username (jdoe), email (j Read servicenow_list_applications List installed ServiceNow scoped applications and active plugins. Args: - search (string): Filter by applic Read servicenow_list_atf_tests List Automated Test Framework (ATF) tests and test suites available on the instance. Args: - search (string Read servicenow_list_attachments List file attachments for a ServiceNow record or query across all attachments. Args: - table_name (string): Read servicenow_list_catalog_items Browse available service catalog items. Args: - query (string): Filter (e.g., Read servicenow_list_changes List ServiceNow change requests with filters. Args: - query (string): Encoded query filter. Default shows a Read servicenow_list_groups List ServiceNow user groups. Args: - query (string): Filter (e.g., Read servicenow_list_incidents List and search ServiceNow incidents with filters. Args: - query (string): Encoded query (e.g., Read servicenow_list_sc_requests List service catalog requests (REQ records) with filters. Args: - query (string): Encoded query (e.g., Read servicenow_list_users List and search ServiceNow users. Args: - query (string): Encoded query (e.g., Read servicenow_query_logs Query the ServiceNow system log (syslog table) for errors, warnings, and debug messages. Args: - query (str Read servicenow_query_records Query records from any ServiceNow table using an encoded query string. Use this for ad-hoc queries on any tab Read servicenow_search_artifacts Search across ServiceNow developer artifacts — business rules, script includes, client scripts, UI actions, an Read servicenow_search_ci Search for ServiceNow CMDB configuration items (CIs) by name, type, location, or any filter. Args: - query Read servicenow_search_knowledge Search the ServiceNow knowledge base for articles by keyword, category, or filter. Args: - search_text (str

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Servicenow

Can an AI agent delete data through the Servicenow MCP server? +

Yes. The Servicenow server exposes 2 destructive tools including servicenow_bulk_delete, servicenow_delete_record. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Servicenow? +

The Servicenow server has 10 write tools including servicenow_add_work_note, servicenow_bulk_update, servicenow_create_change. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Servicenow.

How many tools does the Servicenow MCP server expose? +

41 tools across 4 categories: Destructive, Execute, Read, Write. 28 are read-only. 13 can modify, create, or delete data.

How do I enforce a policy on Servicenow? +

Register the Servicenow MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Servicenow tool call.

Deterministic rules across all 41 Servicenow tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

41 Servicenow tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.