Heroku Platform API
Pass
Audited by ClawScan on Apr 16, 2026.
Overview
The skill's requested binaries, environment variables, network targets, and runtime instructions are consistent with a Heroku API integration; nothing requested appears disproportionate to its stated purpose.
This skill appears coherent with its stated purpose. Before installing:
(1) Use a minimally-scoped Heroku token (prefer 'read' or narrowly scoped tokens) and avoid global-scoped API keys.
(2) Keep HEROKU_PERMISSION set to 'readonly' unless you intentionally need writes; do not set HEROKU_NONINTERACTIVE_WRITES unless you accept the risk.
(3) Note the README's example to create tokens uses the Heroku CLI — that is optional and not required for the skill itself.
(4) If you will allow autonomous agents to invoke skills, be aware that turning on full/non-interactive writes increases risk because the agent could make destructive API calls; audit and monitor the token's activity and rotate it if necessary.
(5) The skill is instruction-only (no bundled code), so its safety also depends on the agent correctly following the documented permission checks; if you need higher assurance, review the agent's concrete runtime commands or test with a read-only token first.
