Huggingface
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run with the wrong target or from the wrong folder, these commands could publish private files or change/delete Hugging Face repositories.
The skill documents CLI operations that can delete or move Hugging Face repositories and upload an entire local directory.
hf repos delete username/repo-name ... hf upload my-cool-model . . ... hf repos move old-namespace/my-model new-namespace/my-model
Use explicit repository names and file paths, review upload/delete/move commands before running them, and prefer least-impact options such as pull requests or private repositories when appropriate.
A broadly scoped token could allow the agent to modify or delete repositories, upload content, or manage account resources.
The skill requires a Hugging Face API token, which is expected for this integration but gives the CLI whatever account permissions the token has.
- `HF_TOKEN`: Hugging Face API Token ... or use `--token` parameter
Use the least-privileged Hugging Face token needed for the task, avoid long-lived broad tokens when possible, and revoke or rotate tokens if exposed.
Safety depends partly on the local Hugging Face CLI installation and the trustworthiness of the published skill metadata.
The skill has no bundled code or install script, but its source is not identified and it relies on the user's local `hf` executable.
Source: unknown; Homepage: none; Required binaries (all must exist): hf; No install spec — this is an instruction-only skill.
Install `hf` from the official Hugging Face documentation and verify the skill provenance if provenance is important to your environment.