High-risk tools in ServiceNow MCP Server
16 of the 384 tools in ServiceNow MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
deploy-updatesetExecutePreview and commit an update set
-
execute_background_scriptExecuteExecute a background script on the instance (server-side JavaScript). **[Scripting]**
-
ml_model_training_historyExecuteGet training run history and accuracy trends for an ML solution over time
-
ml_train_anomaly_detectorExecuteTrigger training of an anomaly detection model for a specific table/field. **[Write]**
-
ml_train_change_riskExecuteTrigger training of the change risk prediction ML model. **[Write]**
-
ml_train_incident_classifierExecuteTrigger training of the incident classification ML solution. **[Write]**
-
run_aggregate_queryExecuteRun a grouped aggregate (COUNT, SUM, AVG) query on any table (latest release: /api/now/stats/{table})
-
run_atf_suiteExecuteExecute an ATF test suite (requires ATF_ENABLED=true)
-
run_atf_testExecuteExecute a single ATF test (requires ATF_ENABLED=true)
-
run_discovery_scanExecute[Write] Trigger a ServiceNow Discovery scan for network/infrastructure
-
run_security_playbookExecuteExecute a security response playbook against an incident. **[Write]**
-
run_transform_mapExecuteExecute a Transform Map on an Import Set to load data (requires WRITE_ENABLED=true)
-
run-atfExecuteTrigger an ATF test suite and report results
-
trigger_agentic_playbookExecuteInvoke an Agentic Playbook — context-aware AI agents that complete tasks autonomously
-
trigger_flowExecuteTrigger a Flow Designer flow with optional input parameters (requires WRITE_ENABLED=true)
-
trigger_scheduled_jobExecuteImmediately execute a scheduled job on-demand (requires WRITE_ENABLED=true)
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.