⚠️ UNRELIABLE: Attempts to trigger a scheduled job via sys_trigger, but CANNOT guarantee execution. The job runs asynchronously when the ServiceNow scheduler picks it up — this frequently times out. Do NOT rely on this for verification or testing. Only use when you need to trigger a specific exis...
AI agents invoke snow_trigger_scheduled_job to trigger actions in Serac. What it does depends on the arguments the agent supplies, and its effects often reach beyond the immediate call — builds kicked off, notifications sent, workflows started.
This tool initiates execution of an external ServiceNow scheduled job with effects that depend on the job being triggered. While the description warns of unreliability, the core function remains triggering asynchronous operations outside the tool's direct control. This is Execute rather than Write because it runs processes/jobs rather than simply modifying data.
From the tool's definition Tool description explicitly states it "Attempts to trigger a scheduled job" and "runs asynchronously when the ServiceNow scheduler picks it up." The verb 'trigger' combined with 'scheduled job' indicates external operation execution whose effects depend on…
Attacks that exploit this kind of access
⚠️ UNRELIABLE: Attempts to trigger a scheduled job via sys_trigger, but CANNOT guarantee execution. The job runs asynchronously when the ServiceNow scheduler picks it up — this frequently times out. Do NOT rely on this for verification or testing. Only use when you need to trigger a specific existing scheduled job and can accept that it may not run. It is categorised as a Execute tool in the Serac MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.
Register the Serac MCP server in PolicyLayer and add a rule for snow_trigger_scheduled_job: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Serac. Nothing to install.
snow_trigger_scheduled_job is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.
Yes. Add a rate_limit block to the snow_trigger_scheduled_job rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for snow_trigger_scheduled_job. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
snow_trigger_scheduled_job is provided by the Serac MCP server (serac-labs/serac). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
snow_trigger_scheduled_job is one line of Serac's registry record.
The record carries the whole server: verified identity, auth posture, risk grade, every tool classified, recommended policy — re-checked continuously.
Teams ship this data inside their own products. See what a licence covers →