
hf-cli

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • Official Installation Scripts: The skill installs tooling by fetching and executing remote scripts from official Hugging Face domains (hf.co) and the github.com/huggingface GitHub organization. This is a common way to distribute developer utilities, but piping a remote script into a shell runs whatever the server returns at that moment, so the safety of the step rests on the TLS connection to those hosts and on the integrity of the upstream repositories.
  • Remote Code and Job Execution: Commands such as hf jobs uv run and hf extensions install execute code from external scripts or repositories. These are core platform features for running cloud-based AI workloads and extending the CLI, and they run whatever the referenced source contains, so that source should be reviewed before it is executed.
  • Credential Management: The CLI includes commands for managing authentication tokens (hf auth). The skill follows good practice by directing users to supply the token through the HF_TOKEN environment variable rather than hardcoding it. An environment variable is still readable by every process in that session, including the agent itself, so the token used should carry only the permissions the task needs.
  • Data Ingestion Surface: The skill reads and displays user-generated Hub content, including model cards, papers, and discussion comments. This is necessary for its function, but it means the agent processes text from public, third-party sources. That text is untrusted input and may contain instructions aimed at the agent, so it must be treated as data rather than as commands.
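The first two findings above both come down to executing code fetched from a remote source. The usual `curl ... | sh` pattern runs whatever the server returns at that moment; the check a practitioner would add is to fetch to a file and gate execution on a SHA-256 digest pinned from a copy that was reviewed. The script below is an added example and is not code from the Trust Hub audit or from the hf-cli skill. The file names, the stand-in "install scripts" and the commented URL are constructed for illustration; the real flow would record the digest after reading the fetched script once.

```shell
#!/bin/sh
# Added example, not part of the Trust Hub audit or the hf-cli skill:
# gate execution of a fetched install script on a SHA-256 digest pinned
# from a copy you reviewed, instead of `curl ... | sh`.

# Portable SHA-256 of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Run FILE with sh only if its digest equals EXPECTED; otherwise refuse
# without executing anything and return 2.
run_pinned_script() {
    file="$1"
    expected="$2"
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "refusing to run $file: digest $actual != pinned $expected" >&2
        return 2
    fi
    sh "$file"
}

# Constructed stand-ins for the real flow (assumption: in practice the
# reviewed copy is fetched once, e.g. `curl -fsSLo reviewed.sh https://hf.co/...`
# with an illustrative URL, read by a human, and its digest recorded; every
# later fetch is checked against that record before it runs).
tmpdir=$(mktemp -d)
trap 'rm -rf "$tmpdir"' EXIT

REVIEWED="$tmpdir/reviewed.sh"
printf 'echo "install ok"\n' > "$REVIEWED"
PINNED=$(sha256_of "$REVIEWED")          # recorded after manual review

GOOD="$tmpdir/fetched-good.sh"           # later fetch, identical content
printf 'echo "install ok"\n' > "$GOOD"

BAD="$tmpdir/fetched-tampered.sh"        # later fetch, content changed
printf 'echo "install ok"; echo pwned\n' > "$BAD"

# When run directly: the first call executes, the second refuses.
run_pinned_script "$GOOD" "$PINNED"
run_pinned_script "$BAD" "$PINNED" || echo "tampered copy was not executed (rc=$?)"
```

The digest must come from a copy that was actually read, and it must be stored somewhere the fetch cannot rewrite (your own repository or tooling, not the same server the script comes from); otherwise the check only proves that the download was not corrupted in transit.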
Audit Metadata
Risk Level: SAFE
Analyzed: May 16, 2026, 05:23 AM
Security Audit — agent-trust-hub — hf-cli