
hugging-face-tool-builder

Creates reusable scripts for interacting with the Hugging Face API, enabling automation and data processing tasks.

Security score: 54/100

The hugging-face-tool-builder skill was audited on Mar 14, 2026 and we found 10 security issues across 3 threat categories, including 2 high-severity. Review the findings below before installing.


Security Issues

high line 16

Template literal with variable interpolation in command context

Source: SKILL.md
16: - IMPORTANT: Use the `HF_TOKEN` environment variable as an Authorization header. For example: `curl -H "Authorization: Bearer ${HF_TOKEN}" https://huggingface.co/api/`. This provides higher rate limit
high line 16

Curl to non-GitHub URL

Source: SKILL.md
16: - IMPORTANT: Use the `HF_TOKEN` environment variable as an Authorization header. For example: `curl -H "Authorization: Bearer ${HF_TOKEN}" https://huggingface.co/api/`. This provides higher rate limit
medium line 72

Curl to non-GitHub URL

Source: SKILL.md
72: curl -s "https://huggingface.co/.well-known/openapi.json" | jq '.paths | keys | sort'
medium line 78

Curl to non-GitHub URL

Source: SKILL.md
78: curl -s "https://huggingface.co/.well-known/openapi.json" | jq '.paths["/api/models"]'
low line 16

External URL reference

Source: SKILL.md
16: - IMPORTANT: Use the `HF_TOKEN` environment variable as an Authorization header. For example: `curl -H "Authorization: Bearer ${HF_TOKEN}" https://huggingface.co/api/`. This provides higher rate limit
low line 46

External URL reference

Source: SKILL.md
46: The following are the main API endpoints available at `https://huggingface.co`
low line 63

External URL reference

Source: SKILL.md
63: The API is documented with the OpenAPI standard at `https://huggingface.co/.well-known/openapi.json`.
low line 65

External URL reference

Source: SKILL.md
65: **IMPORTANT:** DO NOT ATTEMPT to read `https://huggingface.co/.well-known/openapi.json` directly as it is too large to process.
low line 72

External URL reference

Source: SKILL.md
72: curl -s "https://huggingface.co/.well-known/openapi.json" | jq '.paths | keys | sort'
low line 78

External URL reference

Source: SKILL.md
78: curl -s "https://huggingface.co/.well-known/openapi.json" | jq '.paths["/api/models"]'
Scanned on Mar 14, 2026