huggingface

Security checks across malware telemetry and agentic risk

Overview

This is a standard Hugging Face helper skill. It uses Hugging Face tokens and network services, and it includes powerful upload and delete examples that users should handle carefully.

Install this only if you want your agent to work with the Hugging Face Hub. Use the narrowest HF_TOKEN scope possible, prefer read-only or repo-scoped tokens, avoid sending private prompts or audio to remote inference, and double-check targets before running upload, delete, cache cleanup, or Space-management commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The examples demonstrate write-capable operations such as upload, commit, delete, and cache cleanup without any warning that they modify remote Hub repositories or local cached data. In an agent skill context, copy-pasted snippets may be executed automatically or with minimal review, increasing the risk of unintended data loss, destructive repo changes, or accidental publication of artifacts.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The inference examples send prompts, chat messages, and audio/files to remote Hugging Face services without warning that user content leaves the local environment. In a skill meant for automation and inference prep, this can lead to inadvertent transmission of sensitive data, proprietary text, or regulated content to third-party infrastructure.

VirusTotal

67/67 vendors flagged this skill as clean.
