hugging-face-api

Security checks across malware telemetry and agentic risk

Overview

This skill is a non-executable Hugging Face playbook: it covers model discovery, billed inference, token protection, cost control, and licensing. It contains no code to run, but the privacy cautions below still apply to every prompt or document the agent sends through it.

Install only if you intend your agent to use Hugging Face services. Use a least-privilege HF token (read-only or fine-grained, scoped to the repositories and endpoints the agent actually needs), expect prompts and document chunks to be sent to Hugging Face inference providers for chat or embeddings, keep confidential or regulated data out unless that provider is approved for it, and set a spending limit or require confirmation before each billed call.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Severity: Medium
Confidence: 88%

Finding
The recipe instructs the agent to send full document chunks and user queries to the external `hf_embeddings` and `hf_chat` services, but it does not warn that these inputs may contain sensitive, proprietary, or regulated data. In a RAG workflow the bulk corpus text and the user prompts often carry internal knowledge, so omitting privacy and data-handling guidance can lead to unintended disclosure to a third-party service or to policy violations.

Vague Triggers

Severity: Medium
Confidence: 90%

Finding
The activation condition is broad enough to fire on many ordinary open-ended user requests, so the agent may route prompts to an external model hub when that is not necessary. Without a narrow decision boundary this raises the chance of unintended tool use, unnecessary cost, and user content being sent to third-party infrastructure.

Missing User Warnings

Severity: Medium
Confidence: 95%

Finding
The recipe directs a billed `hf_chat` call without requiring an explicit warning that the request may incur cost and that the user's prompt content will be transmitted to an external inference provider. This is dangerous because a user may unknowingly trigger a paid action or disclose sensitive data to a third party under a recipe that looks routine.
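The controls the overview asks for (least-privilege token from the environment, a spending limit, confirmation before each billed call, and a screen for sensitive data before prompts or document chunks leave the host) can be enforced in one guard in front of the inference calls. The wrapper below is an added example written for this page; it is not the skill's own code and not a Hugging Face API. The `hf_chat` / `hf_embeddings` backends are stand-ins the caller supplies, the per-call prices and the sensitive-data patterns are constructed for illustration, and the only real assumption is that Hugging Face tokens start with `hf_`.

```python
"""Guard for billed Hugging Face inference calls (added example, not the skill's code).

Assumptions, all for illustration: per-call prices, the regexes used to spot
sensitive data, and the backend functions standing in for hf_chat/hf_embeddings.
"""
import os
import re
from dataclasses import dataclass, field
from typing import Callable, List, Mapping

# Assumed per-call prices in USD; real provider pricing differs.
ASSUMED_PRICE_USD = {"hf_chat": 0.002, "hf_embeddings": 0.0001}

# Constructed patterns for data that must not leave the host without approval.
SENSITIVE_PATTERNS = {
    "api_key": re.compile(r"\b(hf_|sk-)[A-Za-z0-9]{16,}"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "card": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
    "internal_marker": re.compile(r"\b(CONFIDENTIAL|INTERNAL ONLY)\b", re.I),
}


class GuardError(Exception):
    """Raised when a billed or sensitive call is refused."""


def load_token(env: Mapping[str, str] = os.environ) -> str:
    """Read the token from the environment; never hard-code it in a skill file."""
    token = env.get("HF_TOKEN", "")
    if not token.startswith("hf_"):
        raise GuardError("HF_TOKEN missing or not a Hugging Face token")
    return token


def find_sensitive(text: str) -> List[str]:
    """Return the names of the sensitive-data patterns that match text."""
    return [name for name, pat in SENSITIVE_PATTERNS.items() if pat.search(text)]


@dataclass
class BilledCallGuard:
    budget_usd: float
    confirm: Callable[[str], bool]      # asks the user; True means proceed
    allow_sensitive: bool = False       # set only for providers approved for that data
    spent_usd: float = 0.0
    log: List[str] = field(default_factory=list)

    def call(self, service: str, payload: str, backend: Callable[[str], str]) -> str:
        """Screen payload, check budget, ask for confirmation, then run backend(payload)."""
        hits = find_sensitive(payload)
        if hits and not self.allow_sensitive:
            raise GuardError(f"refusing {service}: payload contains {hits}")
        price = ASSUMED_PRICE_USD[service]
        if self.spent_usd + price > self.budget_usd:
            raise GuardError(f"refusing {service}: budget {self.budget_usd} exhausted")
        notice = (f"{service} will send {len(payload)} chars to an external inference "
                  f"provider and bill about ${price:.4f}. Proceed?")
        if not self.confirm(notice):
            raise GuardError(f"{service} declined by user")
        result = backend(payload)          # only now does data leave the host
        self.spent_usd += price
        self.log.append(f"{service} ${price:.4f} (total ${self.spent_usd:.4f})")
        return result


def run_demo() -> dict:
    """Exercise the guard offline with a stub backend and a constructed token."""
    load_token({"HF_TOKEN": "hf_" + "x" * 20})      # constructed stand-in, not a real token

    def stub_backend(payload: str) -> str:
        return f"echo:{payload}"                     # stands in for the real hf_chat call

    guard = BilledCallGuard(budget_usd=0.003, confirm=lambda notice: True)
    out = {}
    out["ok"] = guard.call("hf_chat", "summarize the release notes", stub_backend)
    try:
        guard.call("hf_chat", "my SSN is 123-45-6789", stub_backend)
        out["sensitive"] = "sent"
    except GuardError as e:
        out["sensitive"] = str(e)
    try:
        guard.call("hf_chat", "second chat", stub_backend)  # 0.002 + 0.002 exceeds 0.003
        out["budget"] = "sent"
    except GuardError as e:
        out["budget"] = str(e)
    out["spent"] = round(guard.spent_usd, 4)
    return out


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The `confirm` callback is where an agent runtime would surface the cost and data-transmission notice to the user before the call, which is the warning both findings say the recipe omits; `allow_sensitive` stays false unless the provider has been approved for that data class.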

VirusTotal

None of the 64 VirusTotal vendors flagged this skill as malicious (0/64 detections). Since the skill is a non-executable playbook, a clean file scan addresses malware only; the data-handling and trigger issues above are not something VirusTotal measures.