ServiceNow MCP Server

63 tools. 21 can modify or destroy data without limits.

21 write tools that can modify data. Rate limits recommended.

Last updated:

21 can modify or destroy data
42 read-only
63 tools total

Community server · catalogue entry verified 29/06/2026

How to control ServiceNow MCP Server ↓

What ServiceNow MCP Server exposes to your agents

Read (42) Write / Execute (21) Destructive / Financial (0)
High Risk

The most dangerous ServiceNow MCP Server tools

21 of ServiceNow MCP Server's 63 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control ServiceNow MCP Server

PolicyLayer is an MCP gateway — it sits between your AI agents and ServiceNow MCP Server, and nothing reaches the server without passing your rules. These are the rules we recommend:

Rate limit write operations
{
  "add_change_request_work_note": {
    "limits": [
      {
        "counter": "add_change_request_work_note_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "count_cis_by_class": {
    "limits": [
      {
        "counter": "count_cis_by_class_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register ServiceNow MCP Server — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON SERVICENOW →

Instant setup, no code required.

All 63 ServiceNow MCP Server tools

WRITE 21 tools
Write add_change_request_work_note Add a work note (internal) or comment (customer-visible) to a change request. Write add_work_note Add a work note (internal) or comment (customer-visible) to an incident. Write approve_or_reject Approve or reject a pending approval with optional comments. Write attach_variable_set Attach a variable set to a catalog item via the M2M table. Write change_update_set Change the authenticated user Write create_catalog_client_script Create a client-side script (onChange/onLoad/onSubmit) for a catalog item or variable set. Write create_catalog_item Create a new service catalog item (form container) in ServiceNow. Write create_catalog_ui_policy Create a UI policy (declarative show/hide/mandatory rules) for a catalog item or variable set. Write create_catalog_ui_policy_action Create a field action within a catalog UI policy (set visible/mandatory/disabled). Write create_catalog_variable Create a form variable (field) on a catalog item. Write create_change_request Create a new change request in ServiceNow. Requires at least a short description. Write create_incident Create a new incident in ServiceNow. Requires at least a short description. Write create_update_set Create a new update set in ServiceNow and optionally set it as the current update set. Write create_variable_choice Create a choice option for a select box or multiple choice variable. Write create_variable_set Create a reusable variable set that can be attached to multiple catalog items. Write submit_catalog_request Submit a request for a catalog item with variable values. Creates the request as the authenticated user. Write update_catalog_client_script Update fields on an existing catalog client script. Write update_catalog_item Update fields on an existing catalog item. Write update_catalog_variable Update fields on an existing catalog variable. Write update_change_request Update fields on an existing change request. Provide the change number or sys_id and the fields to update. Write update_incident Update fields on an existing incident. Provide the incident number or sys_id and the fields to update.
READ 42 tools
Read count_cis_by_class Aggregate the entire CMDB by class via the ServiceNow Aggregate API (/api/now/stats/cmdb_ci grouped by sys_cla Read find_stale_cis Find migration-skip candidate CIs by one staleness signal at a time: Read get_acl Get one access control (sys_security_acl) by sys_id with its full record — including the Read get_article Get full details of a knowledge article by sys_id. Read get_business_rule Get the full record for one business rule (sys_script) by sys_id, including the complete Read get_catalog_item Get full details and form variables for a catalog item. Read get_change_request Get full details of a specific change request by change number (CHG...) or sys_id. Read get_change_request_approvals Get approval records linked to a change request. Read get_ci Get the full record for one configuration item by sys_id. Fetched from the cmdb_ci parent without a field rest Read get_ci_relationships Read cmdb_rel_ci for a configuration item in both directions: rows where the CI is the parent (parent_of) and Read get_ci_ticket_references Count incident, change_request, and problem records that reference a configuration item (via their cmdb_ci fie Read get_client_script Get one client script (sys_script_client) by sys_id, including the full Read get_current_update_set Get the authenticated user Read get_data_policy Get one data policy (sys_data_policy2) by sys_id with its full record (including conditions) and its per-field Read get_flow_action_inputs Expand the configured INPUT VALUES of one Flow Designer action instance (sys_hub_action_instance) by sys_id — Read get_flow_definition Get a Flow Designer flow definition (sys_hub_flow) by sys_id, with its trigger instance(s) and ordered action Read get_flow_execution Get full details of a single Flow Designer execution (sys_flow_context) by sys_id, including its step-by-step Read get_incident Get full details of a specific incident by incident number (INC...) or sys_id. Read get_list_view Read list view column layouts (sys_ui_list) and their ordered columns (sys_ui_list_element). Provide a Read get_my_approvals Get pending approvals for the authenticated user. Read get_my_profile Get the authenticated user Read get_my_tasks Get all open tasks assigned to the authenticated user across all task types (incidents, requests, changes, etc Read get_scheduled_job Get full details of a Scheduled Job (sysauto and all subclasses) by sys_id. Returns all fields for the record Read get_ui_policy Get one UI policy (sys_ui_policy) by sys_id with its full record (including the conditions and the script_true Read list_catalog_variables List variables (form fields) for a catalog item, ordered by display order. Read lookup_group Search for a ServiceNow assignment group by name. Returns group details. Read lookup_user Search for a ServiceNow user by name, email, or employee ID. Returns user profile information. Read my_tool_name What this tool does — be specific for LLM discoverability Read search_acls Search access controls (sys_security_acl) by name, operation, type, and active flag. Read search_business_rules Search business rules (sys_script) by the table they run on (collection), name, execution phase (when), active Read search_catalog_items Search the service catalog by keyword. Returns items the user has access to. Read search_change_requests Search for change requests with various filters. Returns a paginated summary list. Read search_cis Search the CMDB (cmdb_ci and every subclass: cmdb_ci_server, cmdb_ci_db_instance, cmdb_ci_appl, …) by class, n Read search_client_scripts Search client scripts (sys_script_client) — browser-side form logic that runs onLoad, onChange, onSubmit, or o Read search_data_policies Search data policies (sys_data_policy2 — the Read search_flow_definitions Search Flow Designer flow/subflow definitions (sys_hub_flow) by name, active flag, and type. Use this to find Read search_flow_executions Search Flow Designer execution history (sys_flow_context) — one record per flow, subflow, or action run. Use t Read search_incidents Search for incidents with various filters. Returns a paginated summary list. Read search_knowledge Search knowledge base articles by keyword. Returns articles the user has access to. Read search_navigator_modules Search application navigator modules (sys_app_module) — the menu items in the left-hand nav. For a Read search_scheduled_jobs Search Scheduled Jobs (sysauto and all subclasses: sysauto_script, sysauto_template, sysauto_report, sysauto_i Read search_ui_policies Search UI policies (sys_ui_policy) — client-side rules that make form fields mandatory / visible / read-only /

Questions about ServiceNow MCP Server

How do I prevent bulk modifications through ServiceNow MCP Server? +

The ServiceNow MCP Server server has 21 write tools including add_change_request_work_note, add_work_note, approve_or_reject. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach ServiceNow MCP Server.

How many tools does the ServiceNow MCP Server MCP server expose? +

63 tools across 2 categories: Read, Write. 42 are read-only. 21 can modify, create, or delete data.

How do I enforce a policy on ServiceNow MCP Server? +

Register the ServiceNow MCP Server MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every ServiceNow MCP Server tool call.

Deterministic rules across all 63 ServiceNow MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

63 ServiceNow MCP Server tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.