Back to skill
Skillv1.0.0
ClawScan security
Openclaw Huggingface · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 27, 2026, 6:06 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only wrapper around the official Hugging Face CLI and requests only the HF_TOKEN and the hf binary that are appropriate for its stated purpose.
- Guidance
- This skill is essentially documentation for the official Hugging Face CLI. Before installing/use: (1) ensure you have the official 'hf' CLI binary installed (verify vendor/source) so commands run against the real tool; (2) provide an HF_TOKEN with least-privilege scopes needed (avoid a fully-scoped or long-lived token if not necessary); (3) be careful when running upload commands to avoid unintentionally publishing private data or large files; and (4) keep the hf CLI updated to avoid using a compromised client binary.
Review Dimensions
- Purpose & Capability
- okName/description match the actual requirements: the skill needs the 'hf' CLI and HF_TOKEN to operate on Hugging Face models, datasets, Spaces, and repos. Nothing requested appears unrelated to the stated functionality.
- Instruction Scope
- okSKILL.md contains concrete hf CLI commands (auth, models, datasets, repos, spaces, upload/download). Commands reference local paths only when doing uploads/downloads, which is expected. The instructions do not ask the agent to read unrelated system files or to transmit data to endpoints outside Hugging Face CLI's normal behavior.
- Install Mechanism
- okThere is no install spec (instruction-only). That minimizes risk — the skill does not download or write code to disk. It expects the user/host to provide the official 'hf' binary.
- Credentials
- okOnly HF_TOKEN is required, which is the expected credential for interacting with the Hugging Face Hub. No unrelated secrets, keys, or config paths are requested. The docs note you can alternatively pass --token, which is consistent.
- Persistence & Privilege
- okThe skill is not always-on and does not request elevated persistence or modify other skills/configs. Autonomous model invocation remains possible (platform default) but is not combined with additional concerning privileges.