hf-cli
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- Remote Installation Scripts: The skill references installation scripts hosted on hf.co and GitHub that are executed via the shell. This is a common pattern for installing developer tools, and because these sources are managed by the vendor, they are used within the skill's intended functionality.
- Extension Ecosystem: The
hf extensions installfunctionality allows users to extend the CLI's capabilities by installing code from GitHub repositories. This provides flexibility, and users should review the source of any third-party extensions they choose to add. - Remote Task Execution: Several commands, such as
hf jobs runandhf jobs uv run, facilitate running code on remote infrastructure. These features are intended to help users leverage cloud resources for machine learning tasks. - Secure Authentication: The skill includes robust authentication management tools (
hf auth). It correctly prioritizes the use of environment variables for handling access tokens, which helps prevent accidental exposure of credentials.
Audit Metadata