Hugging Face
Security checks across malware telemetry and agentic risk
Overview
This skill is a disclosed Hugging Face connector wrapper that uses OOMOL's oo CLI for read, discovery, and inference actions without evidence of hidden or destructive behavior.
Install this only if you trust OOMOL as the intermediary for your Hugging Face connection. Review the requested Hugging Face scopes when connecting, and be aware that inference prompts, embeddings input, dataset queries, and account/profile lookups may be sent through the OOMOL connector to Hugging Face.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.