Skill v2.0.0

ClawScan security

Heroku Platform API · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 16, 2026, 4:17 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's requested binaries, environment variables, network targets, and runtime instructions are consistent with a Heroku API integration; nothing requested appears disproportionate to its stated purpose.
Guidance
This skill appears coherent with its stated purpose. Before installing:
(1) Use a minimally scoped Heroku token (prefer 'read' or narrowly scoped tokens) and avoid global-scoped API keys.
(2) Keep HEROKU_PERMISSION set to 'readonly' unless you intentionally need writes; do not set HEROKU_NONINTERACTIVE_WRITES unless you accept the risk.
(3) Note that the README's example for creating tokens uses the Heroku CLI; that is optional and not required by the skill itself.
(4) If you will allow autonomous agents to invoke skills, be aware that turning on full or non-interactive writes increases risk, because the agent could make destructive API calls; audit and monitor the token's activity and rotate it if necessary.
(5) The skill is instruction-only (no bundled code), so its safety also depends on the agent correctly following the documented permission checks; if you need higher assurance, review the agent's concrete runtime commands or test with a read-only token first.

Review Dimensions

Purpose & Capability
ok · Name/description (Heroku Platform API) match the declared requirements: HEROKU_API_KEY as the primary credential, HEROKU_PERMISSION for read/write gating, curl and jq for HTTPS and JSON handling, and network destinations limited to api.heroku.com and postgres-api.heroku.com. The install entries (Homebrew formulas for curl and jq) are proportional and expected.
Instruction Scope
note · SKILL.md is instruction-only and describes only Heroku API calls, permission gating, and optional STATUS.md writes in multi-agent orchestration. One small inconsistency: the doc suggests creating a token via `heroku authorizations:create` (Heroku CLI) as an example, which contradicts the 'zero CLI dependency' marketing line; that step is advisory (how to obtain a token), not required at runtime. Otherwise the instructions do not direct reading unrelated files or contacting unexpected hosts.
Install Mechanism
ok · No code is downloaded or executed at install time; install metadata references Homebrew formulas for curl and jq only. Homebrew is a standard, low-risk installer for these utilities.
Credentials
ok · Only HEROKU_API_KEY and HEROKU_PERMISSION are required, and HEROKU_API_KEY is declared as the primary credential, which is appropriate and proportional. The documentation explicitly recommends using minimally scoped OAuth tokens and avoiding global-scoped keys.
Persistence & Privilege
note · The skill is not always-enabled (always: false) and does not request system-wide config access. It can write STATUS.md, but only in multi-agent orchestration mode. Be aware that if you set HEROKU_PERMISSION=full and also opt into non-interactive writes (HEROKU_NONINTERACTIVE_WRITES), an autonomous agent could perform write operations against Heroku; by default the skill documents fail-closed behavior for non-interactive environments.
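The gating described under Guidance and Persistence & Privilege, as an added example that is not the skill's own code: a shell wrapper in front of curl that permits reads, refuses writes unless HEROKU_PERMISSION=full, refuses non-interactive writes unless HEROKU_NONINTERACTIVE_WRITES=1, and refuses any URL that is not https to one of the two hosts the review lists. The function names, the HEROKU_SESSION_INTERACTIVE variable, and the rule that an unset HEROKU_PERMISSION counts as readonly are assumptions of this example, not behaviour documented by the skill.

```shell
#!/bin/sh
# Added example (not the skill's own code): a fail-closed gate in front of
# curl calls to the Heroku Platform API, driven by the variables the review
# names. Function names, HEROKU_SESSION_INTERACTIVE and the "unset permission
# means readonly" rule are assumptions of this example.

# The only network targets the review lists for this skill.
HEROKU_ALLOWED_HOSTS="api.heroku.com postgres-api.heroku.com"

# Decide once whether this session is interactive (stdin is a terminal).
# Assumed variable; an orchestrator may set it explicitly before sourcing.
if [ -t 0 ]; then HEROKU_SESSION_INTERACTIVE=1; else HEROKU_SESSION_INTERACTIVE=0; fi

# heroku_gate METHOD URL
# Returns 0 when the call is permitted, 1 (with a reason on stderr) otherwise.
# Reads (GET/HEAD) to an allowed https host are always permitted. Writes need
# HEROKU_PERMISSION=full and, when the session is not interactive, an explicit
# HEROKU_NONINTERACTIVE_WRITES=1; anything else fails closed.
heroku_gate() {
  method=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
  url=$2

  case "$url" in
    https://*) ;;
    *) echo "refused: only https URLs are allowed ($url)" >&2; return 1 ;;
  esac
  # Host = text after "https://" up to the first "/" or ":". A userinfo trick
  # such as https://api.heroku.com@evil.example/ yields a non-matching "host".
  host=${url#https://}; host=${host%%/*}; host=${host%%:*}
  case " $HEROKU_ALLOWED_HOSTS " in
    *" $host "*) ;;
    *) echo "refused: host '$host' is not an allowed Heroku API host" >&2; return 1 ;;
  esac

  case "$method" in
    GET|HEAD) return 0 ;;
  esac
  if [ "${HEROKU_PERMISSION:-readonly}" != "full" ]; then
    echo "refused: $method $url requires HEROKU_PERMISSION=full" >&2; return 1
  fi
  if [ "$HEROKU_SESSION_INTERACTIVE" != "1" ] && [ "${HEROKU_NONINTERACTIVE_WRITES:-0}" != "1" ]; then
    echo "refused: non-interactive write without HEROKU_NONINTERACTIVE_WRITES=1" >&2; return 1
  fi
  return 0
}

# heroku_api METHOD PATH [extra curl args...]
# Runs the gated request against api.heroku.com with the Platform API v3 headers.
heroku_api() {
  method=$1; path=$2; shift 2
  url="https://api.heroku.com$path"
  heroku_gate "$method" "$url" || return 1
  if [ -z "${HEROKU_API_KEY:-}" ]; then
    echo "refused: HEROKU_API_KEY is not set" >&2; return 1
  fi
  curl -sS -X "$method" "$url" \
    -H "Accept: application/vnd.heroku+json; version=3" \
    -H "Authorization: Bearer $HEROKU_API_KEY" "$@"
}
```

With a read-only token and HEROKU_PERMISSION unset, `heroku_api GET /apps | jq '.[].name'` lists the apps, while `heroku_api PATCH /apps/example` is refused before curl runs; the refusal reason on stderr is what to look for when auditing an agent's runtime commands.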