High-risk tools in Now Sdk Ext
9 of the 86 tools in Now Sdk Ext are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
aggregate_groupedExecuteRun aggregate functions (COUNT, AVG, MIN, MAX, SUM) grouped by a field on any
-
execute_actionExecuteExecute a ServiceNow Flow Designer action by scoped name.
-
execute_flowExecuteExecute a published ServiceNow Flow Designer flow by scoped name.
-
execute_scriptExecuteExecute JavaScript on a ServiceNow instance using Scripts - Background
-
execute_subflowExecuteExecute a ServiceNow Flow Designer subflow by scoped name.
-
run_atf_testExecuteExecute a single ServiceNow ATF (Automated Test Framework) test by its sys_id.
-
run_atf_test_suiteExecuteExecute a ServiceNow ATF test suite and wait for all tests to complete.
-
test_flowExecuteTest a ServiceNow Flow Designer flow without requiring it to be published.
-
install_store_appExecuteInstall a ServiceNow store application on the target instance.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.