Critical-risk tools in ServiceNow-MCP
6 of the 412 tools in ServiceNow-MCP are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
cancel_requestDestructiveCancel an open service catalog request (requires WRITE_ENABLED=true)
-
delete_attachmentDestructiveDelete an attachment from a record (requires WRITE_ENABLED=true)
-
delete_system_propertyDestructiveDelete a system property by name. **[Write]**
-
delete_uib_pageDestructiveDelete a UI Builder page. **[Write]**
-
remove_user_from_groupDestructiveRemove a user from a group (requires WRITE_ENABLED=true)
-
rollback_deploymentDestructiveRollback a deployment by reverting an update set. **[Write]**
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.