ServiceNow MCP Server
Community Python MCP server for ServiceNow incident management with natural language support
Server Info
- Package: mcp-server-servicenow
- Registry: pypi
- Repository: michaelbuckner/servicenow-mcp
- Maintainer: Community
- Category: Customer Support
- Tags: itsm, tickets, enterprise
- Last Scanned: 7 Apr 2026
Findings
8 issues
Authentication & Identity
MEDIUM: HTTP/SSE transport supports per-request credentials
Supports stdio and SSE transports (selectable via the --transport CLI flag). Offers three auth methods: Basic auth (username/password), Token auth (bearer token), and OAuth (client_id/client_secret/username/password). The OAuth implementation uses the password grant flow with refresh token support. Environment variables are loaded via python-dotenv. The server-side OAuth authenticates the server to the ServiceNow API; it is not an implementation of the MCP OAuth spec.
Implement the MCP OAuth spec so users authenticate directly without platform mediation.
Tool Schema Quality
CRITICAL: Dangerous execution surface: natural_language_update
Tool allows raw code/query execution which could be exploited via prompt injection.
Use parameterized queries or validated command sets.
CRITICAL: Dangerous execution surface: update_script
Tool allows raw code/query execution which could be exploited via prompt injection.
Use parameterized queries or validated command sets.
Permission Granularity
HIGH: 1 destructive operation not isolated
Admin/delete tools are mixed with regular operations and cannot be independently disabled.
Namespace admin tools separately for independent access control.
LLM Safety
MEDIUM: 1 tool description is too vague
Short or generic descriptions make tool selection unreliable.
Expand descriptions with specific actions, data types, and side effects.
HIGH: Tool descriptions contain instructional language
Descriptions include directives that could influence LLM behavior beyond tool selection.
Remove instructional language. Descriptions should be purely factual.
MEDIUM: Overlapping tool descriptions may cause wrong selection
Similar descriptions between tools could cause the LLM to pick the wrong one.
Differentiate descriptions with unique use cases.
Maintenance & Trust
LOW: Community-maintained by Michael Buckner
No official vendor backing.
Seek vendor verification.
Tools
10 total

| Name | Description | Risk |
|---|---|---|
| create_incident | Create a new incident in ServiceNow | write |
| update_incident | Update an existing incident in ServiceNow | write |
| search_records | Search for records in ServiceNow using text query | read |
| get_record | Get a specific record by sys_id | read |
| perform_query | Perform a query against ServiceNow | read |
| add_comment | Add a comment to an incident (customer visible) | write |
| add_work_notes | Add work notes to an incident (internal) | write |
| natural_language_search | Search for records using natural language | read |
| natural_language_update | Update a record using natural language | write |
| update_script | Update a ServiceNow script | admin |