Trust Assessment
huggingface-best received a trust score of 55/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include Command Injection via Untrusted Model and Dataset IDs, Credential Exposure via Shell Command Execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on July 1, 2026 (commit 35e8c35a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Command Injection via Untrusted Model and Dataset IDs The skill instructions direct the LLM to execute shell commands (using `curl` and `jq`) containing placeholder values like `<namespace>/<repo>` and `org/model1` which are retrieved dynamically from external Hugging Face APIs. Since model and dataset names on Hugging Face are user-controlled, an attacker could register a malicious model or dataset name containing shell metacharacters (e.g., `org/model;malicious_command`). When the LLM executes the shell command with this interpolated name, it will result in arbitrary command execution on the host system. Avoid executing shell commands with dynamically retrieved, untrusted parameters. Instead of using `curl` in a shell, use a secure programming language environment (like Python) with proper URL encoding and safe HTTP client libraries, or use the official `huggingface_hub` Python library which handles API requests safely without shell execution. | LLM | SKILL.md:43 | |
| HIGH | Credential Exposure via Shell Command Execution The skill instructions read the Hugging Face API token directly from the filesystem (`cat ~/.cache/huggingface/token`) and pass it as a command-line argument to `curl`. This exposes the sensitive token in the process list (visible to other local users/processes) and increases the risk of credential exfiltration if the URL or command is manipulated by untrusted inputs. Do not pass sensitive tokens via command-line arguments or shell interpolation. Use environment variables or secure configuration files, and perform API requests within a secure programming environment (e.g., Python) where headers can be set programmatically without exposing secrets in shell commands. | LLM | SKILL.md:27 |
Scan History
Embed Code
[](https://skillshield.io/report/46be7ecb1bddddd0)
Powered by SkillShield