hf-cli
Manages Hugging Face Hub repositories, models, and datasets using the CLI for efficient AI project workflows.
Install this skill
or
19/100
Security score
The hf-cli skill was audited on Mar 14, 2026 and we found 11 security issues across 3 threat categories, including 1 critical. Review the findings below before installing.
Categories Tested
Security Issues
critical line 6
Piping content to bash shell
SourceSKILL.md
| 6 | Install: `curl -LsSf https://hf.co/cli/install.sh | bash -s`. |
high line 6
Curl to non-GitHub URL
SourceSKILL.md
| 6 | Install: `curl -LsSf https://hf.co/cli/install.sh | bash -s`. |
medium line 143
Webhook reference - potential data exfiltration
SourceSKILL.md
| 143 | ### `hf webhooks` — Manage webhooks on the Hub. |
medium line 145
Webhook reference - potential data exfiltration
SourceSKILL.md
| 145 | - `hf webhooks create watch` — Create a new webhook. |
medium line 146
Webhook reference - potential data exfiltration
SourceSKILL.md
| 146 | - `hf webhooks delete WEBHOOK_ID` — Delete a webhook permanently. |
medium line 147
Webhook reference - potential data exfiltration
SourceSKILL.md
| 147 | - `hf webhooks disable WEBHOOK_ID` — Disable an active webhook. |
medium line 148
Webhook reference - potential data exfiltration
SourceSKILL.md
| 148 | - `hf webhooks enable WEBHOOK_ID` — Enable a disabled webhook. |
medium line 149
Webhook reference - potential data exfiltration
SourceSKILL.md
| 149 | - `hf webhooks info WEBHOOK_ID` — Show full details for a single webhook as JSON. |
medium line 150
Webhook reference - potential data exfiltration
SourceSKILL.md
| 150 | - `hf webhooks list` — List all webhooks for the current user. |
medium line 151
Webhook reference - potential data exfiltration
SourceSKILL.md
| 151 | - `hf webhooks update WEBHOOK_ID` — Update an existing webhook. Only provided options are changed. |
low line 6
External URL reference
SourceSKILL.md
| 6 | Install: `curl -LsSf https://hf.co/cli/install.sh | bash -s`. |
Scanned on Mar 14, 2026
View Security Dashboard