hugging-face-jobs
Facilitates running workloads on Hugging Face infrastructure, enabling data processing, model training, and batch inference without local setup.
Install this skill
Security score
The hugging-face-jobs skill was audited on Mar 14, 2026 and we found 24 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Webhook reference - potential data exfiltration
| 815 | ## Webhooks: Trigger Jobs on Events |
Webhook reference - potential data exfiltration
| 821 | from huggingface_hub import create_webhook |
Webhook reference - potential data exfiltration
| 823 | # Create webhook that triggers a job when a repo changes |
Webhook reference - potential data exfiltration
| 824 | webhook = create_webhook( |
Webhook reference - potential data exfiltration
| 836 | 1. Webhook listens for changes in watched repositories |
Webhook reference - potential data exfiltration
| 837 | 2. When triggered, the job runs with `WEBHOOK_PAYLOAD` environment variable |
Webhook reference - potential data exfiltration
| 846 | **Access webhook payload in script:** |
Webhook reference - potential data exfiltration
| 851 | payload = json.loads(os.environ.get("WEBHOOK_PAYLOAD", "{}")) |
Webhook reference - potential data exfiltration
| 855 | See [Webhooks Documentation](https://huggingface.co/docs/huggingface_hub/guides/webhooks) for more details. |
Webhook reference - potential data exfiltration
| 1016 | - [Webhooks Documentation](https://huggingface.co/docs/huggingface_hub/guides/webhooks) - Event triggers |
External URL reference
| 52 | - Hugging Face Account with [Pro](https://hf.co/pro), [Team](https://hf.co/enterprise), or [Enterprise](https://hf.co/enterprise) plan (Jobs require paid plan) |
External URL reference
| 215 | - **Check:** Token type at https://huggingface.co/settings/tokens |
External URL reference
| 371 | hf_jobs("uv", {"script": "https://huggingface.co/datasets/uv-scripts/.../raw/main/foo.py"}) |
External URL reference
| 471 | > **Reference:** [HF Jobs Hardware Docs](https://huggingface.co/docs/hub/en/spaces-config-reference) (updated 07/2025) |
External URL reference
| 536 | requests.post("https://your-api.com/results", json=results) |
External URL reference
| 700 | https://huggingface.co/jobs/username/job-id |
External URL reference
| 855 | See [Webhooks Documentation](https://huggingface.co/docs/huggingface_hub/guides/webhooks) for more details. |
External URL reference
| 1007 | - [HF Jobs Guide](https://huggingface.co/docs/huggingface_hub/guides/jobs) - Main documentation |
External URL reference
| 1008 | - [HF Jobs CLI Reference](https://huggingface.co/docs/huggingface_hub/guides/cli#hf-jobs) - Command line interface |
External URL reference
| 1009 | - [HF Jobs API Reference](https://huggingface.co/docs/huggingface_hub/package_reference/hf_api) - Python API details |
External URL reference
| 1010 | - [Hardware Flavors Reference](https://huggingface.co/docs/hub/en/spaces-config-reference) - Available hardware |
External URL reference
| 1014 | - [UV Scripts Organization](https://huggingface.co/uv-scripts) - Community UV script collection |
External URL reference
| 1015 | - [HF Hub Authentication](https://huggingface.co/docs/huggingface_hub/quick-start#authentication) - Token setup |
External URL reference
| 1016 | - [Webhooks Documentation](https://huggingface.co/docs/huggingface_hub/guides/webhooks) - Event triggers |
Install this skill with one command
/learn @huggingface/hugging-face-jobs