MCP Script Runner
Allows triggering GitHub Actions workflows via outbound REST calls.
Allows triggering Jenkins jobs via outbound REST calls.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@MCP Script Runnerrun a script to get all active high-priority incidents"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
MCP Script Runner
MCP Script Runner is a ServiceNow application that exposes a Model Context
Protocol (MCP) server inside a ServiceNow instance. It gives trusted AI clients
such as Build Agent a single tool, run_script, that can execute server-side
JavaScript in global scope as the authenticated ServiceNow user.
Download the update set ZIP and import the XML inside it: MCP_Script_Runner_1.0.11.zip
This is remote code execution by design. Install it only on instances where you understand and accept that risk, and grant access only to trusted users.
What It Does
MCP Script Runner lets Build Agent and other MCP clients:
Run ServiceNow server-side JavaScript through MCP.
Query and modify records through GlideRecord.
Call ServiceNow server APIs available to the authenticated user.
Return script output directly to the MCP client.
Audit every script execution and returned result.
The app also includes an admin page, MCP Script Runner Admin, that checks the configuration status and shows the latest script executions.
Related MCP server: NowAIKit
Prerequisites
ServiceNow instance on Australia Patch 2 Hotfix 1 or newer.
Build Agent installed.
Workflow Data Fabric / Connect Hub installed.
Admin access for installation and setup.
A trusted setup user who can be granted the required roles shown in the admin page.
Installation
In ServiceNow, go to System Update Sets > Retrieved Update Sets.
Download MCP_Script_Runner_1.0.11.zip, unzip it, and import the XML update set inside.
Preview the update set.
Resolve any preview issues if your instance reports them.
Commit the update set.
Navigate to MCP Script Runner > MCP Script Runner Admin.
Open Configuration status and follow the instructions shown in each step.
The admin page guides you through OAuth client creation, role assignment, Connect Hub MCP connector setup, AI Control Tower approval, inbound OAuth scope validation, and Build Agent MCP server enablement.
Security Notes
The
run_scripttool executes server-side JavaScript.Scripts run as the authenticated ServiceNow user.
Access is gated by ServiceNow authentication, OAuth/WDF setup, AI Control Tower approval, and the
mcp_script_runnerrole.Every script execution is written to the
u_mcp_script_executionaudit table.Do not grant access broadly.
MCP Script Runner: Capability Bypass Analysis
A comparison of originally listed limitations vs. what can actually be achieved by executing server-side JavaScript via MCP_Script_Runner.
Infrastructure & Administration
Limitation | Bypassable? | How via MCP_Script_Runner |
Activate/deactivate plugins | Yes |
|
Clone or upgrade instances | No | These are HI-level infrastructure operations outside the instance runtime |
Modify system properties | Yes |
|
Manage MID Servers | Partial | Can query/modify MID records and issue ECC queue commands, but can't control the actual MID host process |
External Connectivity
Limitation | Bypassable? | How via MCP_Script_Runner |
Make outbound HTTP/REST calls | Yes |
|
Access the internet | Yes | Same as above - can fetch any URL the instance network/ACL allows |
Send emails directly | Yes |
|
File & Binary Operations
Limitation | Bypassable? | How via MCP_Script_Runner |
Create or edit binary files | Partial |
|
Upload/download attachments | Yes |
|
Manage instance file storage | Yes | Query/delete/copy via |
Version Control & DevOps
Limitation | Bypassable? | How via MCP_Script_Runner |
Git operations | No | Git lives outside the instance - no server-side API for it |
CI/CD pipelines | Partial | Can trigger external CI/CD via outbound REST calls to Jenkins/GitHub Actions/etc., or use ServiceNow's CICD spoke APIs |
Export/import Update Sets | Yes | GlideRecord on |
Instance Operations
Limitation | Bypassable? | How via MCP_Script_Runner |
Impersonate users | Yes |
|
Modify OOB/system tables | Yes | Background scripts run in global scope as admin - full GlideRecord CRUD on any table |
Run client-side JavaScript | No | Server-side only - no browser DOM or client-side context available |
Real-time log monitoring | Partial | Can poll with repeated queries, but can't maintain a persistent stream/tail |
Cancel running jobs/threads | Yes | Update |
Scope & Access Limitations
Limitation | Bypassable? | How via MCP_Script_Runner |
Access scope-protected tables | Yes | GlideRecord in global scope - already demonstrated with |
Create metadata not supported by Fluent | Yes | Insert directly into metadata tables ( |
Work across multiple instances | Partial | Can call another instance's REST/Table API via |
UI & Visual
Limitation | Bypassable? | How via MCP_Script_Runner |
Take visual screenshots | No | No rendering engine server-side - pixels require a browser |
Edit or preview UI in real-time | No | Server-side can't interact with a live browser session |
Create custom themes | Yes | Insert/update records in |
Summary Scorecard
Category | Total | Full | Partial | Cannot |
Infrastructure & Admin | 4 | 2 | 1 | 1 |
External Connectivity | 3 | 3 | 0 | 0 |
File & Binary | 3 | 2 | 1 | 0 |
Version Control & DevOps | 3 | 1 | 1 | 1 |
Instance Operations | 5 | 3 | 1 | 1 |
Scope & Access | 3 | 2 | 1 | 0 |
UI & Visual | 3 | 1 | 0 | 2 |
TOTAL | 24 | 14 | 5 | 5 |
Hard Limitations
These 5 remain regardless of MCP_Script_Runner:
Clone or upgrade instances - HI-level infrastructure operation.
Git operations - External tooling, not accessible from instance runtime.
Run client-side JavaScript - Requires a browser; server-side only.
Take visual screenshots - No rendering engine available server-side.
Edit or preview UI in real-time - No live browser interaction from server.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Now-Italy-Demo/MCP-Script-Runner'
If you have feedback or need assistance with the MCP directory API, please join our Discord server