hf-cli

Manages Hugging Face Hub repositories, models, and datasets using the CLI for efficient AI project workflows.

Install this skill

or

0/100

Security score

The hf-cli skill was audited on Jun 13, 2026 and we found 13 security issues across 3 threat categories, including 2 critical. Review the findings below before installing.

Categories Tested

Security Issues

critical line 6

Piping content to bash shell

SourceSKILL.md

6	Install: `curl -LsSf https://hf.co/cli/install.sh \| bash -s`.

critical line 207

Piping content to sh shell

SourceSKILL.md

207	Install: `curl -fsSL https://raw.githubusercontent.com/huggingface/hf-mount/main/install.sh \| sh`

high line 6

Curl to non-GitHub URL

SourceSKILL.md

6	Install: `curl -LsSf https://hf.co/cli/install.sh \| bash -s`.

medium line 3

Webhook reference - potential data exfiltration

SourceSKILL.md

3	description: "Hugging Face Hub CLI (`hf`) for downloading, uploading, and managing models, datasets, spaces, buckets, repos, papers, jobs, and more on the Hugging Face Hub. Use when: handling authenti

medium line 185

Webhook reference - potential data exfiltration

SourceSKILL.md

185	### `hf webhooks` — Manage webhooks on the Hub.

medium line 187

Webhook reference - potential data exfiltration

SourceSKILL.md

187	- `hf webhooks create --watch TEXT` — Create a new webhook. `[--url TEXT --job-id TEXT --domain [repo\|discussions] --secret TEXT --format [auto\|human\|agent\|json\|quiet]]`

medium line 188

Webhook reference - potential data exfiltration

SourceSKILL.md

188	- `hf webhooks delete WEBHOOK_ID` — Delete a webhook permanently. `[--yes --format [auto\|human\|agent\|json\|quiet]]`

medium line 189

Webhook reference - potential data exfiltration

SourceSKILL.md

189	- `hf webhooks disable WEBHOOK_ID` — Disable an active webhook. `[--format [auto\|human\|agent\|json\|quiet]]`

medium line 190

Webhook reference - potential data exfiltration

SourceSKILL.md

190	- `hf webhooks enable WEBHOOK_ID` — Enable a disabled webhook. `[--format [auto\|human\|agent\|json\|quiet]]`

medium line 191

Webhook reference - potential data exfiltration

SourceSKILL.md

191	- `hf webhooks info WEBHOOK_ID` — Show full details for a single webhook. `[--format [auto\|human\|agent\|json\|quiet]]`

medium line 192

Webhook reference - potential data exfiltration

SourceSKILL.md

192	- `hf webhooks list` — List all webhooks for the current user. `[--format [auto\|human\|agent\|json\|quiet]]`

medium line 193

Webhook reference - potential data exfiltration

SourceSKILL.md

193	- `hf webhooks update WEBHOOK_ID` — Update an existing webhook. Only provided options are changed. `[--url TEXT --watch TEXT --domain [repo\|discussions] --secret TEXT --format [auto\|human\|agent\|json\|q

low line 6

External URL reference

SourceSKILL.md

6	Install: `curl -LsSf https://hf.co/cli/install.sh \| bash -s`.

Scanned on Jun 13, 2026

View Security Dashboard

Installation guide →

GitHub Stars 10.7K

Rate this skill

Categorydevelopment

UpdatedJune 15, 2026

claude frontend git api database testing devops backend ml-ai-engineer data-engineer data-scientist development data analytics

huggingface/skills