ServiceNow MCP Server

Enables authenticated interaction with ServiceNow via its REST API using per-user OAuth 2.0 tokens. It provides tools for managing incidents, tasks, knowledge articles, and service catalog requests while maintaining user-specific permissions.

→ windoze95/servicewow-mcp · listed on glama

Install from

Glama

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings

🚨

Known vulnerabilities in dependencies: 2 critical, 2 high

Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.

🔐

You'll be asked for 2 credentials: SERVICENOW_CLIENT_SECRET, TOKEN_ENCRYPTION_KEY

These are read from process.env at runtime. Make sure you trust where they’ll be sent.

// required environment variables

This server reads these from process.env. You'll be asked to provide them before it can run.

configALLOWED_ORIGINS

configLOG_LEVEL

configMCP_PORT

configRATE_LIMIT_PER_USER

configREDIS_URL

configSERVICENOW_CLIENT_ID

🔐 secretSERVICENOW_CLIENT_SECRET

configSERVICENOW_INSTANCE_URL

configTLS_CERT_PATH

🔐 secretTOKEN_ENCRYPTION_KEY— npm run generate-key # paste into

// full audit trail

The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.

// improvement guidance — verified publishers only

We have 4 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.

// embed badge in your README

[![M8ven Score](https://m8ven.ai/badge/mcp/windoze95-servicewow-mcp-1yuk3a)](https://m8ven.ai/mcp/windoze95-servicewow-mcp-1yuk3a)

commit: 1f38b9d2578a0b574ce9dec69abdcfe738e33c27

code hash: b298e8d15260d31c8c0ea086425d58ed4b62b005f97fa086e347878d247ce323

verified: 4/11/2026, 2:49:50 PM

view raw JSON →