Delv
Community · Abandoned · 1.0y · 4.3 · by evalstate

HuggingFace Space MCP

Runs any HuggingFace Space from Claude, including image generation, chat, and vision tasks with file uploads.

Safety & Trust

Delv Safety Grade: C

Score 58/100 · assessed 2026-04-28

  • Maintainer: 45
  • Permissions: 40
  • Supply chain: 72
  • Transparency: 68
  • Incidents: 100

This MCP server proxies arbitrary HuggingFace Spaces through Claude, enabling access to thousands of community-hosted ML models. The maintainer (evalstate) appears to be a solo developer with limited track record. The core risk is that it grants Claude the ability to invoke any public HuggingFace Space, including those with unknown provenance or safety properties. Whilst the server itself is distributed via npm with reasonable packaging, the permission surface is broad: outbound network calls to arbitrary endpoints, file uploads to third-party inference services, and potential exposure of the HF_TOKEN credential. The code is open source with adequate documentation, but the trust boundary extends beyond the MCP itself to whichever Spaces Claude chooses to invoke. No known security incidents, but the design inherently delegates trust to HuggingFace's community ecosystem, which varies widely in quality and safety.

Lethal Trifecta (prompt-injection exposure)

TWO OF THREE

  • Private data (reads secrets, credentials, private files): No
  • Untrusted input (ingests web pages, PRs, issues, emails): Yes
  • External comms (can send data outbound): Yes

Spaces are user-uploaded code that returns user-shaped output, and every call makes an outbound request. Pairing this server with any private-data MCP completes the trifecta and gives full exposure.

Green flags

  • Distributed via npm with standard packaging and versioning
  • Open source with clear repository and documentation
  • No known security incidents or malicious behaviour
  • Leverages HuggingFace's existing authentication infrastructure

Red flags

  • Proxies arbitrary third-party ML models with unknown safety properties
  • HF_TOKEN credential exposed to any Space Claude invokes
  • Solo maintainer with limited public track record
  • No sandboxing of Space outputs or input validation
  • File uploads sent to community-hosted inference endpoints

Permissions requested

Outbound network · Read files · Access secrets · External LLM call

Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.

Install

npx -y @llmindset/mcp-hfspace
Env vars needed: HF_TOKEN

Review

This MCP turns Claude into a front-end for thousands of HuggingFace Spaces. You point it at a Space URL, it figures out the inputs, and Claude can call it directly. I've used it to prototype FLUX image generation without leaving the chat window, test vision models on screenshots, and experiment with community fine-tunes that never made it to official APIs.

The workflow is straightforward: Claude lists available Spaces, you pick one, it inspects the Gradio interface, then you can call it with natural language. File uploads work, which means you can feed images into vision models or audio into transcription Spaces without juggling browser tabs. The server handles the HuggingFace API handshake, so you just need a token with read access.

What makes this genuinely useful is the breadth. HuggingFace hosts everything from experimental diffusion models to niche NLP tools that never get packaged as standalone APIs. If you're prototyping a pipeline that needs a specific model, this is faster than writing API wrappers. I've used it to compare image generation styles across three different FLUX variants in a single Claude conversation.

Quirks: it's only as reliable as the Space itself. Some Spaces time out, some have undocumented quirks in their Gradio configs, and error messages can be cryptic when the Space is down. The server doesn't cache results, so repeated calls hit HuggingFace each time. Also, it's limited to Gradio-based Spaces, which is most of them but not all.

Who shouldn't bother: if you only need mainstream models, the official APIs are faster and more stable. This is for people who want access to the long tail of community models, or who are testing things before they commit to a deployment. It's also overkill if you're not comfortable with HuggingFace's ecosystem; the value is in knowing which Spaces are worth calling.

Verdict

Install this if you regularly prototype with HuggingFace models or need access to community Spaces without writing integration code. Skip it if you stick to mainstream APIs or don't have workflows that benefit from model variety. It's a power tool for people who already live in the HuggingFace ecosystem.

Good at

  • Access to thousands of HuggingFace Spaces without writing API wrappers or leaving Claude.
  • File uploads work natively, so you can test vision models or audio tools directly in chat.
  • Useful for prototyping ML pipelines with niche or experimental models that lack official APIs.
  • Automatically inspects Gradio interfaces, so you don't need to read Space documentation.

Watch out

  • Reliability depends entirely on the Space; some are slow, some time out, and error messages can be vague.
  • No result caching, so repeated calls hit HuggingFace each time and can be slow.
  • Limited to Gradio-based Spaces, which excludes some older or custom interfaces.
  • Requires familiarity with HuggingFace's ecosystem to know which Spaces are worth using.

Use cases

  • prototype ML pipelines
  • FLUX image generation
  • vision model access
  • community model testing

Getting started

1. Run `npx -y @llmindset/mcp-hfspace` to install the server.
2. Add it to your Claude Desktop config under `mcpServers` with `"command": "npx", "args": ["-y", "@llmindset/mcp-hfspace"]` and set `"env": {"HF_TOKEN": "your_token_here"}`.
3. Restart Claude Desktop and ask it to list available HuggingFace Spaces to confirm the connection.
4. Try a simple workflow: ask Claude to generate an image using a FLUX Space, then inspect the result.
5. Watch out for Spaces that are offline or have rate limits; the error messages won't always make this obvious.

Works with

Claude Desktop · Claude Code · Cursor
