Hugging Face

Name: Hugging Face
Author: ivangdavila

功能描述

Discover, evaluate, and run Hugging Face models, datasets, and spaces with license checks, benchmark prompts, and reproducible integration plans.

使用说明 (SKILL.md)

Setup

On first use, read setup.md for integration guidelines and local memory initialization.

When to Use

User needs to find the right Hugging Face model, dataset, or Space for a concrete task and move from browsing to reliable execution. Agent handles discovery, filtering, license checks, quick benchmarking, and integration-ready inference plans.

Architecture

Memory and reusable artifacts live in ~/hugging-face/. See memory-template.md for structure and status fields.

~/hugging-face/
|- memory.md          # Stable context, priorities, and defaults
|- shortlists.md      # Candidate models and datasets by use case
|- evaluations.md     # Benchmark runs, winners, and caveats
|- endpoints.md       # Approved endpoints and auth notes
`- exports/           # Saved outputs and comparison snapshots

Quick Reference

Load only one focused file at a time to keep context small and decisions explicit.

Topic	File
Setup process	`setup.md`
Memory template	`memory-template.md`
Model and dataset discovery	`discovery.md`
Inference execution patterns	`inference.md`
Evaluation rubric and scoring	`evaluation.md`
Common failures and recovery	`troubleshooting.md`

Core Rules

1. Lock Objective and Constraints First

Before selecting any artifact, confirm task type, latency budget, cost boundary, and deployment target.

Use this minimum scope packet:

Task type: chat, generation, embedding, classification, vision, or speech
Quality priority: best quality, best speed, or balanced
Runtime constraints: CPU only, specific GPU class, or hosted endpoint
Compliance constraints: license, region, or private data limits

2. Separate Discovery from Execution

Do not run inference on the first candidate found.

First create a shortlist of at least three candidates, then execute only on finalists that pass compatibility and license checks.

3. Validate License and Access Before Recommendation

For every candidate, verify license, gated access status, model size, and framework compatibility.

If any of these are unknown, mark the candidate as provisional and avoid production recommendation.

4. Benchmark with a Deterministic Mini Suite

Use the same prompt set and output checks across candidates so results are comparable.

Minimum benchmark set:

One typical request
One edge-case request
One failure-prone request

5. Minimize External Data

Send only what is required for the selected endpoint.

Never send credentials, local paths, or unrelated private context in request payloads.

6. Use a Fallback Ladder

If the preferred model fails, apply ordered fallback:

Retry same endpoint with smaller payload
Switch to a compatible backup model
Switch to local-only workflow if available

7. Keep Runs Reproducible

Log selected model id, endpoint, key parameters, and evaluation result in local memory so future runs are consistent and auditable.

Common Traps

Picking the highest download count as the only criterion -> often misses license, latency, or domain fit.
Ignoring gated model requirements -> integration fails at runtime due to access restrictions.
Comparing models with different prompts -> quality conclusions become unreliable.
Sending full user context to inference endpoints -> unnecessary privacy exposure.
Skipping fallback design -> workflows fail hard on transient endpoint errors.

External Endpoints

Use discovery endpoints before inference so candidate selection remains explainable and reproducible.

Endpoint	Data Sent	Purpose
`https://huggingface.co/api/models`	Search terms, filter parameters	Discover model candidates
`https://huggingface.co/api/datasets`	Search terms, filter parameters	Discover dataset candidates
`https://huggingface.co/api/spaces`	Search terms, filter parameters	Discover runnable Spaces
`https://api-inference.huggingface.co/models/{model_id}`	Prompt or task input payload, selected model id, auth token	Run hosted inference

No other data is sent externally.

Security & Privacy

Data that leaves your machine:

Search terms and filter inputs sent to Hugging Face discovery APIs.
Inference payloads sent to Hugging Face Inference API when execution is requested.

Data that stays local:

Preferences, shortlists, evaluation notes, and endpoint decisions in ~/hugging-face/.

This skill does NOT:

Exfiltrate local files by default.
Send undeclared network requests.
Store raw secrets in local notes.
Modify its own skill definition file.

Trust

By using this skill, selected request data is sent to Hugging Face services. Only install if you trust Hugging Face with the inputs you choose to process.

Related Skills

Install with clawhub install \x3Cslug> if user confirms:

ai - general AI strategy and model-selection framing
api - API-first integration patterns and HTTP debugging
data-analysis - dataset inspection and quality interpretation
data - structured data workflows and extraction patterns
code - implementation support for scripts and adapters

Feedback

If useful: clawhub star hugging-face
Stay updated: clawhub sync

安全使用建议

This skill appears internally consistent: it will call Hugging Face APIs and requires an HF_TOKEN and a ~/hugging-face/ folder for local memory. Before installing: 1) Only provide an HF_TOKEN with minimal necessary scope and be prepared to rotate it if needed. 2) Confirm you trust Hugging Face for any inputs you send (search terms and inference payloads will leave your machine). 3) Approve creation of ~/hugging-face/ and check the files it creates; the setup recommends secure file permissions but verify them after creation. 4) Note the small metadata mismatch (primary credential not marked even though HF_TOKEN is required) — this is likely benign but you can ask the publisher to fix it. If you need stricter control, avoid setting HF_TOKEN globally in your shell and instead provide it only in a session when performing runs.

功能分析

Type: OpenClaw Skill Name: hugging-face Version: 1.0.0 The skill bundle is well-aligned with its stated purpose of interacting with Hugging Face services for model discovery and inference. It transparently declares its use of `curl` and `jq` for API calls to specified Hugging Face endpoints, and `HF_TOKEN` for authentication, with explicit instructions in `inference.md` and `memory-template.md` to handle tokens securely (not logging or storing them locally). The `setup.md` file performs standard local directory and file creation with restrictive `chmod 700` and `chmod 600` permissions. Crucially, `SKILL.md` and `inference.md` contain strong security guardrails and core rules for the AI agent, instructing it to minimize external data, avoid sending unrelated user context or local files, and validate licenses, which actively mitigates prompt injection risks and promotes secure behavior. There is no evidence of data exfiltration beyond declared endpoints, unauthorized execution, persistence, or obfuscation.

能力评估

✓ Purpose & Capability

Name/description match what the SKILL.md and companion docs do: discover models/datasets/spaces, run hosted inference, benchmark, and store local notes. Required binaries (curl, jq), HF_TOKEN, and ~/hugging-face/ config path are coherent with API calls and local memory described.

✓ Instruction Scope

Runtime instructions explicitly show the Hugging Face discovery and inference endpoints and example curl commands. The docs limit external data to search terms and inference payloads, instruct not to send local files or secrets, and describe creating only the declared ~/hugging-face/ files. There is no instruction to read unrelated system files or contact unexpected endpoints.

✓ Install Mechanism

There is no install spec and no code files — the skill is instruction-only. This is low-risk: nothing is downloaded or written beyond optional local memory files the user must approve.

ℹ Credentials

The skill requires a single env var HF_TOKEN, which is appropriate for calling the Hugging Face Inference API. Minor metadata inconsistency: registry metadata lists no primary credential while the SKILL.md and docs require HF_TOKEN. HF_TOKEN usage is limited to the documented API calls in inference.md.

✓ Persistence & Privilege

The skill requests a local config path (~/hugging-face/) for memory and artifacts; setup explicitly asks for user approval before creating files and sets restrictive permissions. always:false and no system-wide modifications are requested.

版本历史

v1.0.0

Initial release with discovery, evaluation, inference, and troubleshooting workflows for Hugging Face operations.

元数据

Slug hugging-face

版本 1.0.0

许可证 —

累计安装 0

当前安装数 0

历史版本数 1

常见问题

Hugging Face 是什么？

Discover, evaluate, and run Hugging Face models, datasets, and spaces with license checks, benchmark prompts, and reproducible integration plans. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 385 次。

如何安装 Hugging Face？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install hugging-face」即可一键安装，无需额外配置。

Hugging Face 是免费的吗？

是的，Hugging Face 完全免费（开源免费），可自由下载、安装和使用。

Hugging Face 支持哪些平台？

Hugging Face 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（linux, darwin, win32）。

谁开发了 Hugging Face？

由 Iván（@ivangdavila）开发并维护，当前版本 v1.0.0。