Unified tool for ServiceNow email template lifecycle beyond creation: list, preview, send_test, import, export, clone. Wraps sysevent_email_template. Actions: - list — list templates, optionally filtered by table or active flag - preview — render the template against a sample record (subject, bod...
AI agents use snow_email_template_manage to create or update resources in Serac — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your Serac environment.
The most impactful actions are import (creates/upserts templates) and clone (duplicates templates), both reversible Write operations. send_test crosses into Execute territory by triggering real email delivery, but is explicitly a test action with controlled scope. The tool does not delete or irreversibly destroy data (no Destructive), does not move money (no Financial), and primarily manages email template lifecycle.
From the tool's definition Tool performs reversible write operations: 'import — create or upsert a template', 'clone — duplicate a template under a new name'. Also includes 'send_test — send the rendered template as a real email', which triggers an external email action.
Attacks that exploit this kind of access
Unified tool for ServiceNow email template lifecycle beyond creation: list, preview, send_test, import, export, clone. Wraps sysevent_email_template. Actions: - list — list templates, optionally filtered by table or active flag - preview — render the template against a sample record (subject, body, sms — no email sent) - send_test — send the rendered template as a real email to a specified address - import — create or upsert a template from a JSON payload - export — return the full template as a JSON payload suitable for re-import - clone — duplicate a template under a new name Use when: the agent needs to maintain templates after they exist — auditing them, testing rendering against a real record, sending a one-off test email, or moving a template between instances via JSON. For authoring a new template, use snow_create_email_template; for managing the event-to-template binding, use snow_email_notification_manage. Returns: template records with sys_id, name, subject, content_type, collection (table); preview/test results with rendered subject and body. It is categorised as a Write tool in the Serac MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the Serac MCP server in PolicyLayer and add a rule for snow_email_template_manage: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Serac. Nothing to install.
snow_email_template_manage is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the snow_email_template_manage rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for snow_email_template_manage. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
snow_email_template_manage is provided by the Serac MCP server (serac-labs/serac). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
snow_email_template_manage is one line of Serac's registry record.
The record carries the whole server: verified identity, auth posture, risk grade, every tool classified, recommended policy — re-checked continuously.
Teams ship this data inside their own products. See what a licence covers →