Huggingface

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: huggingface
Version: 1.0.2

The OpenClaw AgentSkills skill bundle for Hugging Face CLI (hf) is benign. It clearly defines its purpose as managing Hugging Face resources using the official `hf` command-line tool. The `SKILL.md` documentation accurately describes standard `hf` commands for authentication, model/dataset/space management, and file upload/download. It correctly declares dependencies on the `hf` binary and the `HF_TOKEN` environment variable. There is no evidence of prompt injection attempts, malicious command execution (e.g., `curl|bash`), unauthorized data exfiltration, persistence mechanisms, or obfuscation. All demonstrated actions are legitimate operations for interacting with Hugging Face Hub.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If run with the wrong target or from the wrong folder, these commands could publish private files or change/delete Hugging Face repositories.

Why it was flagged

The skill documents CLI operations that can delete or move Hugging Face repositories and upload an entire local directory.

Skill content
hf repos delete username/repo-name
...
hf upload my-cool-model . .
...
hf repos move old-namespace/my-model new-namespace/my-model
Recommendation

Use explicit repository names and file paths, review upload/delete/move commands before running them, and prefer least-impact options such as pull requests or private repositories when appropriate.

What this means

A broadly scoped token could allow the agent to modify or delete repositories, upload content, or manage account resources.

Why it was flagged

The skill requires a Hugging Face API token, which is expected for this integration but gives the CLI whatever account permissions the token has.

Skill content
- `HF_TOKEN`: Hugging Face API Token ... or use `--token` parameter
Recommendation

Use the least-privileged Hugging Face token needed for the task, avoid long-lived broad tokens when possible, and revoke or rotate tokens if exposed.

What this means

Safety depends partly on the local Hugging Face CLI installation and the trustworthiness of the published skill metadata.

Why it was flagged

The skill has no bundled code or install script, but its source is not identified and it relies on the user's local `hf` executable.

Skill content
Source: unknown; Homepage: none; Required binaries (all must exist): hf; No install spec — this is an instruction-only skill.
Recommendation

Install `hf` from the official Hugging Face documentation and verify the skill provenance if provenance is important to your environment.