heroku/heroku-mcp-server
Medium · github · 80 files analyzed
Powerful capabilities — review before trusting.
Outbound network · 2
Environment variables (config / keys) · 3
Filesystem writes · 3
Shell / command execution · 7
Sensitive credential files · 1
AI review
This is an official Heroku MCP server that uses environment variables for authentication and executes shell commands to manage Heroku resources. While it accesses secrets and runs commands, these actions are within the expected scope of a Heroku deployment tool and do not contain hidden instructions or deceptive behavior.
- low Environment variable access for API key — The server reads HEROKU_API_KEY from environment variables for authentication, which is expected for a Heroku integration tool. No exfiltration or hidden transmission of this key was detected.
- low Shell command execution via child_process — The server uses spawn, spawnSync, and execSync to run Heroku CLI commands and deploy code. This is necessary for its stated purpose of managing Heroku resources and is not used for arbitrary or malicious commands.
- low Network requests to Heroku API and Dev Center — The server makes fetch calls to Heroku's API and Dev Center, which aligns with its purpose. No suspicious or unauthorized endpoints were identified.
Model: deepseek-chat
Static findings
Environment variables (config / keys) · Reads environment variables (config / API keys)
- low src/index.ts:34 · const requestTimeout = isNaN(Number(process.env.MCP_SERVER_REQUEST_TIMEOUT))
- low src/repl/heroku-cli-repl.ts:198 · ...process.env,
- low src/utils/generate-request-init.ts:13 · Authorization: `Bearer ${process.env.HEROKU_API_KEY?.trim() ?? ''}`,
Shell / command execution · Executes shell / system commands
- info src/repl/heroku-cli-repl.spec.ts:187 · spawnSyncStub = sinon.stub(HerokuREPL, 'spawnSync');
- medium src/repl/heroku-cli-repl.ts:1 · import { spawn, type ChildProcess, spawnSync } from 'node:child_process';
- medium src/tools/deploy-to-heroku.ts:1 · import { execSync } from 'node:child_process';
- info src/utils/plugin-detector.spec.ts:2 · import type { SpawnSyncReturns } from 'node:child_process';
- medium src/utils/plugin-detector.ts:1 · import { spawnSync, type SpawnSyncOptionsWithStringEncoding, type SpawnSyncReturns } from 'node:child_process';
- info src/utils/tarball.spec.ts:4 · import { execSync } from 'node:child_process';
- medium src/utils/tarball.ts:4 · import { execSync } from 'node:child_process';
Outbound network · Makes outbound network requests
- low src/resources/dev-center-resource.ts:22 · const res = await fetch(DEV_CENTER_RESOURCE_URI);
- low src/tools/deploy-to-heroku.ts:293 · const response = await fetch(sourceBlob!.put_url!, {
Sensitive credential files · Reads sensitive credential files
- info src/tools/deploy-to-heroku.spec.ts:37 · expect(isSafeSourceRelativePath('/etc/passwd')).to.be.false;
Filesystem writes · Reads or writes the filesystem
- info src/tools/deploy-to-heroku.spec.ts:110 · await fs.rm(tempDir, { recursive: true, force: true });
- info src/utils/read-app-json.spec.ts:17 · await fs.rm(tempDir, { recursive: true, force: true });
- info src/utils/tarball.spec.ts:18 · await fs.rm(tempDir, { recursive: true, force: true });
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.