hf-cli
Manages Hugging Face Hub repositories, models, and datasets using the CLI for efficient AI project workflows.
Install this skill
Security score
The hf-cli skill was audited on Mar 14, 2026 and we found 11 security issues across 3 threat categories, including 1 critical. Review the findings below before installing.
Categories Tested
Security Issues
Piping content to bash shell
| 6 | Install: `curl -LsSf https://hf.co/cli/install.sh | bash -s`. |
Curl to non-GitHub URL
| 6 | Install: `curl -LsSf https://hf.co/cli/install.sh | bash -s`. |
Webhook reference - potential data exfiltration
| 143 | ### `hf webhooks` — Manage webhooks on the Hub. |
Webhook reference - potential data exfiltration
| 145 | - `hf webhooks create watch` — Create a new webhook. |
Webhook reference - potential data exfiltration
| 146 | - `hf webhooks delete WEBHOOK_ID` — Delete a webhook permanently. |
Webhook reference - potential data exfiltration
| 147 | - `hf webhooks disable WEBHOOK_ID` — Disable an active webhook. |
Webhook reference - potential data exfiltration
| 148 | - `hf webhooks enable WEBHOOK_ID` — Enable a disabled webhook. |
Webhook reference - potential data exfiltration
| 149 | - `hf webhooks info WEBHOOK_ID` — Show full details for a single webhook as JSON. |
Webhook reference - potential data exfiltration
| 150 | - `hf webhooks list` — List all webhooks for the current user. |
Webhook reference - potential data exfiltration
| 151 | - `hf webhooks update WEBHOOK_ID` — Update an existing webhook. Only provided options are changed. |
External URL reference
| 6 | Install: `curl -LsSf https://hf.co/cli/install.sh | bash -s`. |
Install this skill with one command
/learn @huggingface/hf-cli