Low
github · 80 files analyzed
heroku/heroku-mcp-server
Minor capabilities, nothing alarming.
Outbound network 2
Environment variables (config / keys) 3
Filesystem writes 3
Shell / command execution 7
Sensitive credential files 1
AI review
This is an official Heroku MCP server that uses environment variables for authentication and executes shell commands to manage Heroku resources. While it accesses secrets and runs commands, these actions are consistent with its stated purpose of managing Heroku deployments and do not contain hidden exfiltration or prompt injection.
- low Environment variable access for authentication — The server reads HEROKU_API_KEY from environment variables for API authentication. This is expected behavior for a Heroku management tool and not a security risk.
- low Shell command execution via child_process — The server uses spawn, spawnSync, and execSync to run Heroku CLI commands. This is necessary for its functionality and does not indicate malicious intent.
- low Network requests to Heroku API and Dev Center — The server makes fetch calls to Heroku API endpoints and Dev Center resources. These are legitimate operations for the stated purpose.
Model: deepseek-chat
Static findings
Environment variables (config / keys) · Reads environment variables (config / API keys)
low
src/index.ts:34
const requestTimeout = isNaN(Number(process.env.MCP_SERVER_REQUEST_TIMEOUT))
low
src/repl/heroku-cli-repl.ts:198
...process.env,
low
src/utils/generate-request-init.ts:13
Authorization: `Bearer ${process.env.HEROKU_API_KEY?.trim() ?? ''}`,
Shell / command execution · Executes shell / system commands
info
src/repl/heroku-cli-repl.spec.ts:187
spawnSyncStub = sinon.stub(HerokuREPL, 'spawnSync');
medium
src/repl/heroku-cli-repl.ts:1
import { spawn, type ChildProcess, spawnSync } from 'node:child_process';
medium
src/tools/deploy-to-heroku.ts:1
import { execSync } from 'node:child_process';
info
src/utils/plugin-detector.spec.ts:2
import type { SpawnSyncReturns } from 'node:child_process';
medium
src/utils/plugin-detector.ts:1
import { spawnSync, type SpawnSyncOptionsWithStringEncoding, type SpawnSyncReturns } from 'node:child_process';
info
src/utils/tarball.spec.ts:4
import { execSync } from 'node:child_process';
medium
src/utils/tarball.ts:4
import { execSync } from 'node:child_process';
Outbound network · Makes outbound network requests
low
src/resources/dev-center-resource.ts:22
const res = await fetch(DEV_CENTER_RESOURCE_URI);
low
src/tools/deploy-to-heroku.ts:293
const response = await fetch(sourceBlob!.put_url!, {
Sensitive credential files · Reads sensitive credential files
info
src/tools/deploy-to-heroku.spec.ts:37
expect(isSafeSourceRelativePath('/etc/passwd')).to.be.false;
Filesystem writes · Reads or writes the filesystem
info
src/tools/deploy-to-heroku.spec.ts:110
await fs.rm(tempDir, { recursive: true, force: true });
info
src/utils/read-app-json.spec.ts:17
await fs.rm(tempDir, { recursive: true, force: true });
info
src/utils/tarball.spec.ts:18
await fs.rm(tempDir, { recursive: true, force: true });
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.