Hugging Face CLI
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent Hugging Face CLI helper, but it can use an HF token for account-changing operations, so users should supply least-privilege tokens and confirm destructive actions before they run.
Install this skill if you want the agent to help manage Hugging Face Hub resources. Prefer a read-only HF_TOKEN for exploration and downloads, use a limited write token only when needed, and manually confirm any upload, delete, deployment, job, discussion, PR merge, or bucket sync operation.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a write token is available, the agent may be able to modify or delete Hugging Face resources accessible to that token.
The skill requires a Hugging Face token and explains that a write token can perform broad account-changing actions; it also suggests persistent shell-profile storage.
A Hugging Face User Access Token is required... Read (safer)... Write (less safe, broader access): required for creating/deleting repos, uploading files, managing discussions, deploying endpoints, and running jobs... `export HF_TOKEN="hf_..."` (add to shell profile for persistence)
Use a read-only token for browsing and downloads; only provide a write token for specific tasks, avoid persistent storage unless needed, and rotate or revoke tokens when finished.
A mistaken or overly broad command could upload local data, delete remote files or repos, deploy endpoints, run cloud jobs, or post public comments.
The command catalog includes destructive, publishing, deployment, remote job, and bulk upload/sync capabilities. These are purpose-aligned for Hub management, but they are high-impact operations.
`hf repos delete <repo_id>`; `hf repos delete-files <repo_id> <path>...`; `hf upload-large-folder <repo_id> <local_path>`; `hf jobs run <docker_image> <command>`; `hf endpoints deploy <name>...`; `hf discussions comment...`; `hf buckets delete...`; `hf sync <local_path> hf://buckets/<user>/<bucket>`
Require explicit user confirmation before uploads, deletions, endpoint changes, jobs, public comments, PR merges, or bucket syncs; prefer dry-runs or PR-based uploads where available.
The installed CLI comes from external package infrastructure, so normal package-source trust applies.
The skill instructs the user to install the official CLI through package managers. This is expected for the stated purpose, but it depends on external package sources and the installed version is not pinned.
`pip install -U "huggingface_hub[cli]"` (or `brew install hf`)
Install from official sources, verify the installed version with `hf version`, and use your organization’s preferred package pinning or lockfile process if reproducibility is important.
