Security Audit

heroku

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CAUTION

Scanned 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

heroku received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via Heroku CLI and API examples.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

70%

Behavioral Risk Signals

Network Access

1 finding

Shell Execution

1 finding

Dynamic Code

1 finding

Excessive Permissions

1 finding

Security Findings1

Severity	Finding	Layer	Location
CRITICAL	Potential Command Injection via Heroku CLI and API examples The skill's documentation provides examples of `heroku` CLI commands and `curl` API calls that accept user-controlled parameters (e.g., `app-name`, `KEY`, `value`, `{app}`). If the AI agent directly interpolates untrusted user input into these commands without proper sanitization or escaping, an attacker could inject arbitrary shell commands. This could lead to unauthorized access, data manipulation, resource exhaustion on the Heroku platform, or even exfiltration of the `HEROKU_API_KEY` or other sensitive environment variables if the injected command allows it. The `heroku config:set KEY=value` command is particularly vulnerable as both `KEY` and `value` can be controlled, and the `curl` command with `{app}` is also a potential injection point. Implement robust input validation and sanitization for all user-provided parameters before constructing and executing shell commands or API calls. Use parameterized commands or libraries that handle escaping automatically where possible. Ensure the AI agent explicitly escapes or quotes user inputs when passing them to shell commands. The execution environment should also limit the scope of commands that can be run and restrict access to sensitive environment variables or files.	LLM	SKILL.md:20

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/d9e540428eef5a22.svg)](https://skillshield.io/report/d9e540428eef5a22)