mcp-server
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows professional development standards for ServiceNow integrations. It provides boilerplate code and configuration steps that are consistent with the stated purpose of building an MCP server interface.
- [DATA_EXFILTRATION]: The skill defines capabilities that access sensitive ServiceNow metadata tables (e.g.,
sys_properties,sys_oauth_entity,sys_security_acl). However, these operations are limited to the context of integration setup and monitoring. The skill lacks patterns for unauthorized data transfer to external domains. - [COMMAND_EXECUTION]: The documentation includes example shell commands using
curlfor testing the implemented API endpoints. These commands are provided for manual developer verification and do not represent autonomous malicious execution. - [SAFE]: Proactive security measures are explicitly documented in Step 8 (Input Validation), addressing potential risks such as script injection in database queries and table-level access control, which demonstrates an 'assume-malicious' posture in the server's design.
Audit Metadata