← 返回 Skills 市场
2120
总下载
1
收藏
1
当前安装
2
版本数
在 OpenClaw 中安装
/install servicenow-agent
功能描述
Read-only CLI access to ServiceNow Table, Attachment, Aggregate, and Service Catalog APIs; includes schema inspection and history retrieval (read-only).
安全使用建议
Before installing, verify and correct the credential metadata mismatch: the skill needs SERVICENOW_DOMAIN, SERVICENOW_USERNAME, and SERVICENOW_PASSWORD (or you must pass them on the command line). Use a least-privileged ServiceNow account scoped to read-only access and avoid saving production passwords in plaintext .env files — consider using runtime flags or a secrets store instead. Inspect cli.mjs yourself (it is included) to confirm only GET requests are made in your use cases. Note the package includes OpenAPI reference files that mention POST/DELETE endpoints; those are not used by the CLI but are an inconsistency to be mindful of. If you do proceed, run the tool in an isolated/test environment first and rotate or revoke the credentials after testing. If you need higher assurance, ask the publisher to update registry metadata to declare required env vars and to document why reference files include write endpoints even though the CLI is read-only.
功能分析
Type: OpenClaw Skill
Name: servicenow-agent
Version: 0.1.1
The skill is designed for read-only access to ServiceNow APIs, a claim consistently reinforced in the `SKILL.md` documentation and strictly enforced by the `cli.mjs` code. While the underlying OpenAPI specifications (`references/*.yaml`) define POST, PUT, and DELETE endpoints, the `cli.mjs` script explicitly implements and allows only GET operations for all API interactions, preventing any write or modification actions. File system access is limited to reading `.env` and batch JSON files, and writing downloaded attachment content to a user-specified path, which is a legitimate function for a download utility. There is no evidence of prompt injection attempting to subvert the agent's behavior, data exfiltration to unauthorized endpoints, or malicious execution.
能力评估
Purpose & Capability
The skill's stated purpose is a read-only ServiceNow CLI and the included cli.mjs implements read operations using Basic Auth; requiring only 'node' as a binary is reasonable. However the published registry metadata lists no required environment variables or primary credential while SKILL.md and cli.mjs clearly expect SERVICENOW_DOMAIN, SERVICENOW_USERNAME, and SERVICENOW_PASSWORD (or equivalent flags). That metadata mismatch is an incoherence — a consumer would legitimately expect the skill to declare the required credentials up front.
Instruction Scope
SKILL.md instructs the agent to read a .env file in the skill folder and to use the bundled CLI for GET-only requests. cli.mjs does read .env via loadDotEnv and will read any batch JSON file path supplied (relative to cwd or absolute). Reading a .env and user-provided JSON files is expected for this CLI, but be aware the tool will read any file path you give it (so don't pass sensitive local files). The skill advertises 'read-only' but some included OpenAPI reference files describe POST/PUT/DELETE endpoints — the CLI code itself enforces GET-only usage, but the presence of write-capable reference documents is an inconsistency to note.
Install Mechanism
There is no install spec (instruction-only + included script) and the only required binary is node. No external downloads or archive extraction are present in the package, which is low risk from an installer perspective.
Credentials
The skill requires ServiceNow credentials (domain, username, password) to function, yet the registry metadata does not declare any required environment variables or primary credential — this is a meaningful mismatch. The SKILL.md recommends storing credentials in a .env file inside the skill folder (plaintext), which is insecure practice unless the user understands and accepts the risk. No other unrelated credentials are requested.
Persistence & Privilege
The skill does not request persistent presence (always:false), does not modify other skills or system-wide settings, and does not install background services. It runs on-demand as a CLI script, which is proportionate to its functionality.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install servicenow-agent - 安装完成后,直接呼叫该 Skill 的名称或使用
/servicenow-agent触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.1
Add schema, history, attachment, stats, service-catalog, presets, docs
v0.1.0
Initial read-only CLI + docs
元数据
常见问题
ServiceNow Agent 是什么?
Read-only CLI access to ServiceNow Table, Attachment, Aggregate, and Service Catalog APIs; includes schema inspection and history retrieval (read-only). 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2120 次。
如何安装 ServiceNow Agent?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install servicenow-agent」即可一键安装,无需额外配置。
ServiceNow Agent 是免费的吗?
是的,ServiceNow Agent 完全免费(开源免费),可自由下载、安装和使用。
ServiceNow Agent 支持哪些平台?
ServiceNow Agent 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 ServiceNow Agent?
由 Seth Rose(@thesethrose)开发并维护,当前版本 v0.1.1。
推荐 Skills