Security Audit
hugging-face-cli
github.com/sickn33/antigravity-awesome-skills
Trust Assessment
hugging-face-cli received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Remote Command Execution via `hf jobs run`, Potential Data Exfiltration via `hf upload`, Broad File System and Repository Management Permissions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Remote Command Execution via `hf jobs run`. The skill exposes the `hf jobs run` command, which executes an arbitrary command (`<cmd>`) on remote Hugging Face compute. If the `<cmd>` argument is derived from untrusted input (including prompt-injected content the agent ingests), it can lead to remote code execution on the job runner, letting an attacker run arbitrary code on Hugging Face's compute infrastructure under the user's account. Recommendation: strictly validate the `<cmd>` argument when constructing `hf jobs run` commands, restrict the LLM's ability to generate arbitrary commands for this argument, and require explicit user confirmation for any job execution. | LLM | SKILL.md:140 |
| HIGH | Potential Data Exfiltration via `hf upload`. The `hf upload` command uploads local files and entire directories to a remote Hugging Face repository; in particular, `hf upload <repo_id> . .` uploads the whole current working directory. If the agent is compromised or misused, this capability can exfiltrate sensitive local data (credentials, keys, source) to an attacker-controlled repository. Recommendation: enforce access controls and user confirmation for `hf upload` operations, especially whole-directory uploads and sensitive file types, and do not let the agent upload arbitrary files without explicit user consent. | LLM | SKILL.md:70 |
| MEDIUM | Broad File System and Repository Management Permissions. The skill grants access to powerful `hf` CLI commands such as `hf upload <repo_id> . .` (upload the entire current directory) and `hf repo delete <repo_id>` (delete a remote repository). Misused by an agent, these permissions can cause significant data leakage, data loss, or unauthorized modification of remote resources on the Hugging Face Hub. Recommendation: apply granular access controls and require explicit user confirmation for destructive operations such as `hf repo delete` and broad uploads such as `hf upload . .`; ensure every use of these commands is explicitly authorized and logged. | LLM | SKILL.md:93 |
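All three findings share one remediation: the agent must not hand an `hf` command line straight to a shell; a policy layer has to classify it first, block obvious exfiltration, and put a human in the loop for job execution, whole-directory uploads and repository deletion. The gate below is an added example written for this report; it is not code from the hugging-face-cli skill, from SkillShield, or from huggingface_hub. It assumes the documented shapes of the `hf` subcommands (`hf jobs run [options] IMAGE COMMAND...`, `hf upload REPO_ID [LOCAL_PATH] [PATH_IN_REPO]`, `hf repo delete REPO_ID`); the option table, the sensitive-file patterns, the `Decision` type and the injectable `runner`/`confirm` hooks are this example's own choices.

```python
"""Policy gate for agent-generated `hf` CLI invocations (example code, not the skill's)."""
from __future__ import annotations

import fnmatch
import shlex
import subprocess
from dataclasses import dataclass, field
from pathlib import Path
from typing import Callable, Sequence

# `hf upload` options that consume the following token. Assumption: this covers
# the common ones; any other option is treated as a bare flag.
UPLOAD_VALUE_OPTS = {"--repo-type", "--revision", "--include", "--exclude", "--delete",
                     "--commit-message", "--commit-description", "--every", "--token"}

# File names that must never leave the machine through an agent-driven upload.
SENSITIVE_GLOBS = (".env", ".env.*", "*.pem", "*.key", "id_rsa*", "id_ed25519*",
                   ".netrc", "credentials*", ".git", "*.token")


@dataclass
class Decision:
    risk: str                     # "low" | "high" | "blocked"
    reason: str
    needs_confirmation: bool
    sensitive_files: list[str] = field(default_factory=list)


def _positionals(args: Sequence[str], value_opts: set[str]) -> list[str]:
    """Drop option tokens, plus the value of options known to take one."""
    out, i = [], 0
    while i < len(args):
        tok = args[i]
        if tok.startswith("-"):
            if tok in value_opts and "=" not in tok:
                i += 1            # also skip the option's value
        else:
            out.append(tok)
        i += 1
    return out


def find_sensitive(root: Path) -> list[str]:
    """Paths under root whose any component matches a sensitive pattern."""
    hits = set()
    for p in root.rglob("*"):
        rel = p.relative_to(root)
        if any(fnmatch.fnmatch(part, g) for part in rel.parts for g in SENSITIVE_GLOBS):
            hits.add(str(rel))
    return sorted(hits)


def assess(argv: Sequence[str], cwd: Path | None = None) -> Decision:
    """Classify one proposed invocation, given as an argv list (never a shell string)."""
    cwd = cwd or Path.cwd()
    if not argv or argv[0] != "hf":
        return Decision("blocked", "only the hf CLI may be invoked", False)
    sub = list(argv[1:3])
    if sub[:2] == ["jobs", "run"]:
        # Finding 1: COMMAND runs on remote compute. No sanitizer makes an arbitrary
        # command safe, so every job run needs explicit human approval.
        return Decision("high", "remote command execution via hf jobs run", True)
    if sub[:2] == ["repo", "delete"]:
        # Finding 3: destructive and irreversible.
        return Decision("high", "deletes a remote repository", True)
    if sub[:1] == ["upload"]:
        pos = _positionals(argv[2:], UPLOAD_VALUE_OPTS)
        # Finding 2: LOCAL_PATH "." (or, conservatively, an omitted LOCAL_PATH) means
        # the whole working directory goes to the Hub.
        local = cwd / (pos[1] if len(pos) > 1 else ".")
        if local.is_dir():
            hits = find_sensitive(local)
            if hits:
                return Decision("blocked", f"directory contains secrets: {hits}", False, hits)
            return Decision("high", f"uploads entire directory {local}", True)
        return Decision("low", f"uploads single file {local}", False)
    return Decision("low", "read-only or low-impact subcommand", False)


def run_guarded(command: str, confirm: Callable[[str], bool],
                runner: Callable[[list[str]], object] = lambda a: subprocess.run(a, check=False),
                cwd: Path | None = None) -> Decision:
    """Parse the agent's proposed command line and execute it only if policy allows.

    `confirm` is the human-in-the-loop hook (e.g. a TTY prompt); `runner` is
    injectable so the policy can be exercised without a network or an hf login.
    """
    argv = shlex.split(command)         # argv list: no shell, so no shell injection
    decision = assess(argv, cwd)
    if decision.risk == "blocked":
        return decision
    if decision.needs_confirmation and not confirm(f"{decision.reason}: {' '.join(argv)} ?"):
        return Decision("blocked", "user declined: " + decision.reason, False)
    runner(argv)
    return decision
```

The gate deliberately refuses rather than sanitizes `hf jobs run`: the remote command is the payload, so the only meaningful control is a human approving the exact argv. For uploads, the pre-scan turns "the agent might exfiltrate `.env`" into a hard block before any confirmation prompt is shown, so a user who clicks through prompts is still protected.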
[Full report on SkillShield](https://skillshield.io/report/52422c228259cd35)