servicenow

SUSPICIOUS. The skill is coherent with its stated ServiceNow purpose and uses an official npm-distributed CLI from the same vendor, so it does not look overtly malicious. However, it routes authentication and ServiceNow data through Membrane's third-party platform, stores/manages credentials server-side, uses a mutable CLI install, and allows generated actions that broaden execution scope beyond a fixed connector surface. This is a legitimate integration pattern but higher-trust than a direct ServiceNow client, so the main concern is intermediary credential/data handling rather than malware.