Skillv1.0.0

ClawScan security

Huggingface Hub · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 29, 2026, 5:51 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill mostly matches its stated Hugging Face Hub purpose, but it reads an undeclared secret path (/etc/secrets/HF_TOKEN) and doesn't declare required credentials, which is an incoherence you should review before installing.
Guidance: This skill appears to implement a reasonable Hugging Face CLI wrapper, but there are a couple of mismatches you should consider: (1) The SKILL.md tells you to provide an HF_TOKEN env var, but the skill metadata doesn't declare any required credentials — verify you are comfortable storing your HF token for this skill. (2) The script will also try to read /etc/secrets/HF_TOKEN if the env var is absent; confirm whether your environment mounts secrets at that path and whether you want the skill to access it. Review the script if you need to ensure it only uses the explicit HF_TOKEN you provide, and be cautious when using the upload-file command since it reads local files for uploading. If you need higher assurance, ask the author to (a) declare HF_TOKEN in the skill metadata, (b) remove or document the /etc/secrets fallback, and (c) avoid hard-coded invocation paths in the README/examples.

Review Dimensions

Purpose & Capability: okName, description, SKILL.md, and the CLI wrapper code all consistently implement listing/searching/downloading/uploading Hugging Face Hub assets using the huggingface_hub library. The commands and API calls used align with the stated purpose.
Instruction Scope: concernSKILL.md instructs users to set HF_TOKEN in settings/env and to pip install huggingface_hub, which matches the code. However, the runtime instructions and examples hard-code a workspace path for invocation and do not mention that the script will also attempt to read /etc/secrets/HF_TOKEN. The extra secret file path is out-of-band from the documented usage.
Install Mechanism: okThis is an instruction-only skill with a bundled Python script; there is no install spec. The SKILL.md asks the user to pip install huggingface_hub, which is expected and proportional to the functionality.
Credentials: concernThe skill metadata declares no required environment variables, yet SKILL.md instructs storing HF_TOKEN and the script reads HF_TOKEN from the environment. Additionally, the script will fall back to reading /etc/secrets/HF_TOKEN (a system path) if the env var is absent. Requesting or accessing that system secret path is not documented in the metadata and increases privilege surface.
Persistence & Privilege: okThe skill is not always-enabled, does not request elevated persistent privileges, and does not modify other skills or global agent settings. Autonomous invocation is allowed by default but not combined with other high-risk indicators here.