hf-cli

Manages Hugging Face Hub repositories, models, and datasets using the CLI for efficient AI project workflows.

Install this skill

or

0/100

Security score

The hf-cli skill was audited on May 12, 2026 and we found 13 security issues across 3 threat categories, including 2 critical. Review the findings below before installing.

Categories Tested

Security Issues

critical line 6

Piping content to bash shell

SourceSKILL.md

6	Install: `curl -LsSf https://hf.co/cli/install.sh \| bash -s`.

critical line 200

Piping content to sh shell

SourceSKILL.md

200	Install: `curl -fsSL https://raw.githubusercontent.com/huggingface/hf-mount/main/install.sh \| sh`

high line 6

Curl to non-GitHub URL

SourceSKILL.md

6	Install: `curl -LsSf https://hf.co/cli/install.sh \| bash -s`.

medium line 3

Webhook reference - potential data exfiltration

SourceSKILL.md

3	description: "Hugging Face Hub CLI (`hf`) for downloading, uploading, and managing models, datasets, spaces, buckets, repos, papers, jobs, and more on the Hugging Face Hub. Use when: handling authenti

medium line 178

Webhook reference - potential data exfiltration

SourceSKILL.md

178	### `hf webhooks` — Manage webhooks on the Hub.

medium line 180

Webhook reference - potential data exfiltration

SourceSKILL.md

180	- `hf webhooks create --watch TEXT` — Create a new webhook. `[--url TEXT --job-id TEXT --domain CHOICE --secret TEXT --format CHOICE]`

medium line 181

Webhook reference - potential data exfiltration

SourceSKILL.md

181	- `hf webhooks delete WEBHOOK_ID` — Delete a webhook permanently. `[--yes --format CHOICE]`

medium line 182

Webhook reference - potential data exfiltration

SourceSKILL.md

182	- `hf webhooks disable WEBHOOK_ID` — Disable an active webhook. `[--format CHOICE]`

medium line 183

Webhook reference - potential data exfiltration

SourceSKILL.md

183	- `hf webhooks enable WEBHOOK_ID` — Enable a disabled webhook. `[--format CHOICE]`

medium line 184

Webhook reference - potential data exfiltration

SourceSKILL.md

184	- `hf webhooks info WEBHOOK_ID` — Show full details for a single webhook. `[--format CHOICE]`

medium line 185

Webhook reference - potential data exfiltration

SourceSKILL.md

185	- `hf webhooks list` — List all webhooks for the current user. `[--format CHOICE]`

medium line 186

Webhook reference - potential data exfiltration

SourceSKILL.md

186	- `hf webhooks update WEBHOOK_ID` — Update an existing webhook. Only provided options are changed. `[--url TEXT --watch TEXT --domain CHOICE --secret TEXT --format CHOICE]`

low line 6

External URL reference

SourceSKILL.md

6	Install: `curl -LsSf https://hf.co/cli/install.sh \| bash -s`.

Scanned on May 12, 2026

View Security Dashboard

Installation guide →

GitHub Stars 8.9K

Rate this skill

Categorydevelopment

UpdatedMay 13, 2026

claude frontend git api database testing devops backend ml-ai-engineer data-engineer data-scientist development data analytics

huggingface/skills