B

ServiceNow MCP Server

ServiceNow's official first-party MCP Server Console (Action Fabric), GA in the Zurich release (May 2026). Exposes Now Assist Skills, Knowledge Graph, Subflows/Actions, and Scripted REST APIs as governed MCP tools. OAuth 2.0 Authorization Code Grant / OAuth 2.1 over Streamable HTTP (optional SSE). Runs on the customer's own Now Platform instance (self-hosted, per-user OAuth). Replaces the community michaelbuckner/servicenow-mcp listing. Note: scores other than authentication are a provisional assessment from ServiceNow's documentation pending a live tool-level audit.

Overall Score75/100

Score Breakdown

Server Info

Package
Per-instance <instance>.service-now.com MCP Server Console URL
Registry
remote
Maintainer
ServiceNowVendor
Category
Customer Support
Tags
itsmticketsenterprisehostedoauth
Last Scanned
7 Apr 2026

Findings

3 issues

Authentication & Identity

LOWImplements MCP OAuth spec for per-user authentication

Official ServiceNow MCP Server Console (Action Fabric), GA Zurich release 2026-05. Uses OAuth 2.0 Authorization Code Grant (OAuth 2.1 supported) to authenticate all connections, running on the customer's own Now Platform instance (self-hosted, but per-user OAuth rather than a shared credential). Streamable HTTP transport with optional SSE. The community michaelbuckner/servicenow-mcp repo is not referenced by any official source.

Remediation

Document the required OAuth scopes for each tool.

Tool Schema Quality

MEDIUMTool schemas not independently audited

The hosted server has no public source repository, so tool input schemas, required fields, and parameter constraints could not be verified directly. Provisional score pending a live tool-level audit.

Remediation

Run a live audit against the hosted endpoint to enumerate and score tool schemas.

Data Exposure

MEDIUMPagination and field selection not verified

Whether list operations paginate and support field selection could not be verified without a live audit of the hosted tool surface.

Remediation

Audit list operations for pagination and field-selection support.

Deploy ServiceNow MCP Server securely

CompleteFlow adds per-user authentication, permission scoping, and audit logging to any MCP server out of the box.

Deploy on CompleteFlow