Skip to main content
mcpFirst-partyLow risk Safety Privacy
Hugging Face logo

Hugging Face MCP Server - MCP Servers

Access Hugging Face Hub and Gradio AI applications

HarnessClaude CodeCodexCursorClaude Desktop

Citation facts

Source-backed facts for citing this resource, derived directly from the registry — also available as plain text for AI assistants.

Source URLs
https://huggingface.co/settings/mcp, https://github.com/JSONbored/awesome-claude/blob/main/content/mcp/hugging-face-mcp-server.mdx
Brand
Hugging Face
Brand domain
huggingface.co
Brand asset source
brandfetch
Package URL
/downloads/mcp/hugging-face-mcp-server.mcpb
Package SHA256
15b13953a5ce71275805521b92e911501486da07034cdaaf9b5466926890e0b5
Safety notes
Review Hub token permissions and hosted app behavior because model, dataset, and Space actions may use remote execution paths.
Privacy notes
Prompts, model queries, dataset names, Space inputs, and Hugging Face account metadata may be sent through the integration.
Author
Hugging Face
Claim status
unclaimed
Last verified
2025-09-18

Decision playbook

Ready to evaluate for your workflow

Signals are comparatively strong, but you should still validate source, privacy posture, and package provenance for your environment.

Compare context
Selected

0

Current score

96

Baseline

Delta

No baseline selected

No major trust-signal divergence detected in the current selection.

Source and provenance checks

Complete

Confirm ownership and provenance before trusting install instructions.

  • Source link availableRequired

    Open the canonical repository and verify ownership.

    Done
  • Source provenance statusRequired

    Marked as first-party.

    Done
  • Metadata reviewed

    Registry metadata indicates a reviewed listing.

    Done

Safety and privacy checks

Complete

Validate risk disclosures before installation or API wiring.

  • Safety notes presentRequired

    Review the listed safety guidance before running commands.

    Done
  • Privacy notes presentRequired

    Review data handling notes before connecting accounts or secrets.

    Done
  • Trust level risk gateRequired

    Trust level does not block evaluation.

    Done

Package and install checks

Complete

Check package metadata and artifact integrity signals.

  • Install payload available

    Install or copy payload is available for review.

    Done
  • Package verification flag

    Package marked verified.

    Done
  • Checksum metadata

    SHA-256 hash is present.

    Done

Compare-driven decision checks

Needs review

Use compare context to validate trade-offs before adoption.

  • Compare tray has multiple entries

    Add at least one more entry to compare trust differences.

    Pending
  • Baseline comparison available

    No baseline peer selected yet.

    Pending
  • Diverging trust signals identified

    No major trust-signal divergence found.

    Pending

Setup at a glance

Package install

Copy-ready — paste the snippet to get started.

2 minutes

Install command

Provided

Config snippet

Provided

Copy snippet

Provided

Prerequisites

10 to clear

Platforms

4 listed

Difficulty

6/100

Adoption plan

Balanced adoption plan

Current risk score 0/100. Use staged verification before broader rollout.

Risk 0

Pre-adoption checks

Validate source and review signals before any execution.

  • Confirm source provenanceRequired

    Source URL/provenance metadata is present.

    Done
  • Confirm metadata review state

    Listing has review metadata.

    Done
  • Verify install payload

    Install/config payload exists and can be inspected.

    Done

Security checks

Confirm safety, privacy, and package integrity signals.

  • Review safety notesRequired

    Safety notes are present.

    Done
  • Review privacy notesRequired

    Privacy notes are present.

    Done
  • Verify package integrity metadata

    Package verification/checksum metadata is available.

    Done

Rollout

Adopt in controlled steps based on the selected plan.

  • Run in isolated sandbox firstRequired

    Use a constrained sandbox and observe behavior across multiple tasks.

    Pending
  • Roll out graduallyRequired

    Roll out to a small cohort before wider usage.

    Pending
  • Set monitoring and fallback

    Define rollback path and monitor errors after adoption.

    Pending

Evidence readiness

Evidence readiness matrix · balanced

Required evidence gates are covered (6/6 signals complete).

Risk 0

Source provenance

Present

Source repository/provenance is listed.

Required in this preset

Metadata review

Present

Review metadata is present.

Required in this preset

Safety notes

Present

Safety notes are present.

Required in this preset

Privacy notes

Present

Privacy notes are present.

Optional in this preset

Package integrity

Present

Package integrity metadata is present.

Optional in this preset

Install payload

Present

Install payload is available.

Required in this preset

Required evidence gates are covered for this preset.

Decision timeline

Decision timeline · balanced

6/6 steps complete with no blocking gaps for this preset.

Risk 0

triage

Confirm source provenanceRequired

Source/provenance metadata is available.

Done

triage

Check metadata review statusRequired

Review metadata is available.

Done

verify

Review safety notesRequired

Safety notes are available.

Done

verify

Review privacy notes

Privacy notes are available.

Done

verify

Validate package integrity metadata

Package integrity metadata is available.

Done

rollout

Verify install payload and commandsRequired

Install payload is available.

Done

No required blockers for this timeline preset.

Prerequisite readiness

Prerequisite readiness

10 prerequisites to line up before setup. Have accounts and credentials ready first.

0/10 ready
Account & credentials5Configuration1Network & hosting2General22 minutes

Safety & privacy surface

Safety & privacy surface

1 safety and 1 privacy notes across 2 risk areas. Review closely: credentials & tokens.

2 areas
  • SafetyCredentials & tokensReview Hub token permissions and hosted app behavior because model, dataset, and Space actions may use remote execution paths.
  • PrivacyGeneralPrompts, model queries, dataset names, Space inputs, and Hugging Face account metadata may be sent through the integration.

Safety notes

  • Review Hub token permissions and hosted app behavior because model, dataset, and Space actions may use remote execution paths.

Privacy notes

  • Prompts, model queries, dataset names, Space inputs, and Hugging Face account metadata may be sent through the integration.

Prerequisites

  • Hugging Face account (sign up at https://huggingface.co/join if needed)
  • Hugging Face Access Token (HF_TOKEN) - get from Settings > Access Tokens (required for private/gated models and higher rate limits)
  • HTTP transport support (remote MCP server at https://huggingface.co/mcp)
  • Internet connection (remote Hugging Face API access required)
  • Understanding of Hugging Face API rate limits (5-minute windows, three buckets: read, write, inference - check Billing page for status)
  • Understanding of model access types (public models accessible without auth, private/gated models require token and terms acceptance)
  • Understanding of Inference API vs Inference Endpoints (serverless API for testing, dedicated endpoints for production)
  • Claude Desktop 0.7.0+ or Claude Code with MCP support
  • Understanding of ML/AI concepts (models, datasets, inference, tokenization, transformers)
  • Understanding of model licenses and usage restrictions (check model card for license terms)

Schema details

Install type
package
Reading time
1 min
Difficulty score
6
Troubleshooting
Yes
Breaking changes
No
Package metadata
Package verified
Yes
SHA-256
15b13953a5ce71275805521b92e911501486da07034cdaaf9b5466926890e0b5
Collection metadata
Estimated setup
2 minutes
Difficulty
beginner
Full copyable content
{
  "huggingface": {
    "url": "https://huggingface.co/mcp",
    "transport": "http"
  }
}

About this resource

Content

Unlock the power of the Hugging Face ecosystem by connecting Claude to the Hugging Face Hub. Discover and access thousands of AI models, browse datasets, run inference through the Inference API, interact with Gradio demos, and manage your ML workflows—all through natural language commands with seamless authentication and rate limit management.

Features

  • Access model information, metrics, and metadata from Hugging Face Hub
  • Browse and search datasets with filtering and pagination
  • Run Gradio AI applications and interactive demos
  • Query model performance data and benchmark results
  • Access Spaces and deploy model demos
  • Use Inference API for serverless model inference
  • Download models and datasets programmatically
  • Manage repositories and model versions
  • Advanced Hugging Face model and dataset management with inference API integration, model deployment, and community collaboration features
  • Batch operations support for efficient bulk model operations, dataset processing, and inference requests with automatic rate limit handling and retry logic
  • Real-time model synchronization capabilities with webhook integration support for monitoring model updates and triggering automated workflows

Use Cases

  • Find suitable AI models for specific tasks (NLP, vision, audio)
  • Access dataset information and metadata for training workflows
  • Run model inference through Gradio demos or Inference API
  • Compare model performance metrics and benchmark results
  • Search research papers and documentation on the Hub
  • Download models and datasets for local use
  • Deploy and manage model Spaces for demos
  • Access private or gated models with proper authentication
  • Build automated ML workflows that sync external systems with Hugging Face for real-time model inference and dataset management

Installation

Claude Code

  1. Get your Hugging Face Access Token from Settings > Access Tokens (optional but recommended for higher limits)
  2. claude mcp add --transport http huggingface https://huggingface.co/mcp
  3. Add HF_TOKEN to your environment or configuration if using private/gated models
  4. Verify installation: claude mcp list
  5. Test connection: claude mcp status hugging-face

Claude Desktop

  1. Get your Hugging Face Access Token from Settings > Access Tokens (optional but recommended for higher limits)
  2. Open your Claude Desktop configuration file (see configPath below)
  3. Add the Hugging Face server configuration with HTTP transport pointing to https://huggingface.co/mcp
  4. Add HF_TOKEN to environment variables in configuration if using private/gated models
  5. Restart Claude Desktop
  6. Authenticate with your Hugging Face account when prompted (if required)

Requirements

  • Hugging Face account (sign up at https://huggingface.co/join if needed)
  • Hugging Face Access Token (HF_TOKEN) - get from Settings > Access Tokens (required for private/gated models and higher rate limits)
  • HTTP transport support (remote MCP server at https://huggingface.co/mcp)
  • Internet connection (remote Hugging Face API access required)
  • Understanding of Hugging Face API rate limits (5-minute windows, three buckets: read, write, inference - check Billing page for status)
  • Understanding of model access types (public models accessible without auth, private/gated models require token and terms acceptance)
  • Understanding of Inference API vs Inference Endpoints (serverless API for testing, dedicated endpoints for production)
  • Claude Desktop 0.7.0+ or Claude Code with MCP support
  • Understanding of ML/AI concepts (models, datasets, inference, tokenization, transformers)
  • Understanding of model licenses and usage restrictions (check model card for license terms)

Configuration

{
  "huggingface": {
    "url": "https://huggingface.co/mcp",
    "transport": "http"
  }
}

Examples

Find the best text generation model

Common usage pattern for this MCP server

Ask Claude: "Find the best text generation model"

Access the IMDB dataset

Common usage pattern for this MCP server

Ask Claude: "Access the IMDB dataset"

Run the stable diffusion demo

Common usage pattern for this MCP server

Ask Claude: "Run the stable diffusion demo"

Compare BERT model variants

Common usage pattern for this MCP server

Ask Claude: "Compare BERT model variants"

Run Model Inference

Run inference on a Hugging Face model with custom parameters

// Run Hugging Face model inference
const result = await huggingface.inference({
  model: "bert-base-uncased",
  inputs: "Hello, world!",
  parameters: {
    return_all_scores: true,
  },
});

Security

  • Access Token authentication (HF_TOKEN) for secure access to private/gated models
  • Monitor API usage limits (three rate limit buckets: read, write, inference)
  • Respect model licenses and usage restrictions (check model card for terms)
  • Check compute resource limits (free tier vs PRO/Enterprise)
  • Use Inference Endpoints for production workloads requiring dedicated resources
  • Hugging Face API tokens and access tokens must be securely stored and never exposed in client-side code or public repositories - use environment variables and secure credential management
  • Hugging Face OAuth access tokens should be used for third-party integrations to ensure proper access control, token lifecycle management, and automatic token refresh
  • Hugging Face model IDs and dataset identifiers may expose ML infrastructure and research information - ensure Hugging Face resource identifiers are kept private and not shared in public configurations
  • Rate limiting and API quota management are critical for Hugging Face MCP servers - implement proper rate limit handling, retry logic, and quota monitoring to prevent service disruption
  • Hugging Face webhook configurations and payloads may contain sensitive model data and inference results - ensure webhook endpoints are properly secured with authentication and HTTPS encryption

Troubleshooting

Rate limit reached: log in or use your apiToken error

Pass HF_TOKEN in requests to authenticate. Get token from Hugging Face Settings > Access Tokens. Add Authorization: Bearer YOUR_TOKEN header to all API requests to avoid free tier limits. Free tier has lower limits than authenticated users.

Persistent rate limiting despite no recent usage

Rate limits are per 5-minute windows across all request types. Hugging Face uses three rate limit buckets: read operations, write operations, and inference operations. Check your Billing page for current rate limit status across all three buckets. Wait for 5-minute window reset or upgrade to PRO/Enterprise for higher limits.

Inference API returns authentication errors

Serverless Inference API requires authentication for most models. Add your HF_TOKEN to requests. For heavy usage or production workloads, switch to Inference Endpoints which provides dedicated resources, higher limits, and better performance.

Cannot access models or datasets - permission error

Verify your account has access to requested model or dataset. For gated models, accept terms on model page first. Check model visibility settings (public vs private). Ensure you're authenticated with correct token and token has appropriate permissions.

Hugging Face MCP server authentication errors with API tokens

Verify API token is valid and not expired. Check token permissions match required operations. Ensure token format is correct (Bearer token in Authorization header). For OAuth integrations, verify token refresh logic is working correctly.

Hugging Face rate limit errors when processing multiple inference requests

Implement exponential backoff retry logic with jitter. Use Hugging Face API rate limit headers to monitor usage. Reduce concurrent requests. Cache frequently accessed model metadata. Check Hugging Face documentation for specific rate limits.

Hugging Face model or dataset access denied errors

Verify API token has access to the model or dataset. Check model permissions and account membership. Ensure token has required permissions for target operations.

Hugging Face MCP server connection timeouts or network errors

Check network connectivity and firewall settings. Verify Hugging Face API endpoints are accessible. Increase request timeout values. Implement connection pooling and retry mechanisms with exponential backoff.

Source citations

Add this badge to your README

Show that Hugging Face MCP Server - MCP Servers is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.

Listed on HeyClaude
[![Listed on HeyClaude](https://heyclau.de/badge/mcp/hugging-face-mcp-server.svg)](https://heyclau.de/entry/mcp/hugging-face-mcp-server)

How it compares

Hugging Face MCP Server - MCP Servers side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.

2 trust signals differ across this comparison (Package trust, Submitter).

Next steps differ across entries — use the actions in the table below to copy install commands and source links per resource.

Field

Access Hugging Face Hub and Gradio AI applications

Open dossier

Official Hugging Face Agent Skills collection for Claude Code, Codex, Cursor, Gemini CLI, and other skills-compatible agents, covering Hub CLI workflows, datasets, model search, Spaces, Gradio, fine-tuning, evaluations, local models, papers, Trackio, ZeroGPU, transformers.js, TRL, and the Hugging Face MCP server.

Open dossier

Apache-2.0 library for loading, sharing, streaming, inspecting, and preprocessing AI datasets from the Hugging Face Hub or local files.

Open dossier

Apache-2.0 library for pretrained diffusion model pipelines, schedulers, adapters, optimization, and training workflows for image, video, and audio generation in PyTorch.

Open dossier
Next stepsDiffers
Trust
Review statusReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewed
Package trustDiffersPackage verifiedPackage not verifiedPackage not verifiedPackage not verified
Source provenanceSource-backedSource-backedSource-backedSource-backed
SubmitterDiffersoktofeesh1oktofeesh1
Install riskLow riskReview firstReview firstReview first
Notes Safety Privacy Safety Privacy Safety Privacy Safety Privacy
BrandHugging Face logoHugging FaceHugging Face logoHugging FaceHugging Face logoHugging FaceHugging Face logoHugging Face
Categorymcpskillstoolstools
Sourcefirst-partysource-backedsource-backedsource-backed
AuthorHugging FaceHugging FaceHugging FaceHugging Face
Added2025-09-182026-06-182026-06-042026-06-04
Platforms
Claude CodeCodexCursorClaude Desktop
Claude CodeCodexWindsurfGeminiCursorCLI
CLI
CLI
Source repo
Safety notesReview Hub token permissions and hosted app behavior because model, dataset, and Space actions may use remote execution paths.Hugging Face Skills can guide agents through Hub reads and writes, dataset uploads, model publishing, Space creation, training jobs, evaluation runs, repo settings, discussions, pull requests, secrets, variables, webhooks, and endpoint operations. Keep destructive or billable operations behind explicit approval: repo deletion, file deletion, private-to-public changes, endpoint deployment, hardware upgrades, Spaces volume changes, webhook creation, and cloud Job submission. Prefer read-only model, dataset, paper, and Space discovery before allowing write actions. Use dry-run modes when available for uploads, syncs, cache cleanup, dataset extraction, and infrastructure changes. The Hugging Face MCP server can search Hub assets, fetch docs, invoke MCP-enabled Gradio Spaces, and run compute jobs. Treat Space invocations and returned content as untrusted third-party tool output. Training and fine-tuning skills can consume paid GPU time and write models to the Hub. Validate datasets, model licenses, output visibility, timeout settings, and token scope before starting jobs. Do not publish generated model cards, datasets, papers, traces, or Spaces until licenses, attribution, evaluation claims, safety notes, and privacy constraints have been reviewed.Hugging Face Datasets makes it easy to load public and local datasets, but dataset availability does not prove license fit, consent, quality, or safety for a given use case. Public datasets, community scripts, local files, and generated preprocessing steps should be reviewed before use in production model training, evaluation, or Claude-adjacent workflows. Streaming large datasets can reduce disk use, but it still performs network access and may expose dataset names, access patterns, credentials, and workload metadata. Dataset preprocessing with `map`, multiprocessing, format conversion, indexing, or filtering can silently change examples, labels, splits, or ordering if transforms are not versioned and tested. Training, fine-tuning, and evaluation workflows should guard against PII leakage, benchmark contamination, duplicated examples, prompt/output leakage, and accidental publication to the Hub. Dataset cards, licenses, private repository settings, and organization policies should be checked together before sharing, caching, or reusing datasets across teams.Diffusers can generate and train image, video, and audio models, so teams need application-level controls for unsafe imagery, deepfakes, impersonation, copyrighted style mimicry, and policy-violating prompts. Public model availability does not prove a checkpoint, adapter, dataset, or generated output is licensed or safe for a given product workflow. Pipelines, schedulers, adapters, LoRA weights, ControlNet inputs, and optimization settings can materially change outputs, latency, memory use, and safety behavior. Training scripts, source installs, example notebooks, community checkpoints, custom pipelines, and adapter repositories should be reviewed before execution, especially with private data or credentials. Large diffusion workloads can exhaust CPU, GPU, memory, disk, network, or cloud quotas; benchmark batch size, precision, offload, cache growth, and rollback before production deployment. Generated media and fine-tuned checkpoints should be reviewed before publication, sharing, Hub uploads, or automated use in Claude-adjacent product workflows.
Privacy notesPrompts, model queries, dataset names, Space inputs, and Hugging Face account metadata may be sent through the integration.Hub workflows can expose `HF_TOKEN`, private model or dataset names, training data, evaluation prompts, model outputs, papers, local file paths, logs, traces, secrets, Space variables, endpoint configuration, and organization membership. Agent trace upload workflows should default to private dataset repos because traces may include prompts, source code, tool output, file paths, credentials, screenshots, personal data, or customer context. Dataset Viewer, MCP, Jobs, Spaces, Inference Endpoints, Gradio apps, and third-party model repositories may receive user queries, files, prompts, examples, and generated outputs. Use least-privilege tokens, avoid passing tokens directly in command arguments when environment variables are supported, and redact logs before sharing PRs, issues, screenshots, or support requests. Check model, dataset, and Space licenses before using downloaded assets for training, redistribution, commercial work, or public demos.Workflows can process prompts, conversations, labels, documents, images, audio, video, PDFs, medical images, tabular records, agent traces, generated outputs, and evaluation examples. Local dataset caches, Apache Arrow files, downloaded archives, derived columns, indexes, logs, notebooks, and temporary files can retain sensitive examples outside the main application database. Hugging Face Hub downloads, uploads, private dataset access, storage buckets, hosted viewers, experiment trackers, and observability systems may process dataset names, access metadata, examples, metrics, or artifacts depending on setup. Embeddings, search indexes, filtered subsets, train/test splits, and preprocessed datasets should follow the same retention, deletion, access-control, and review rules as the original data. Teams should define who can inspect raw examples, derived datasets, failed preprocessing records, dataset cards, cache directories, Hub repositories, and published artifacts before using Datasets in production workflows.Diffusers workflows can process prompts, negative prompts, images, videos, audio, captions, masks, ControlNet inputs, embeddings, training datasets, generated outputs, model weights, and adapter weights. Local caches, model downloads, generated media, intermediate latents, training examples, checkpoints, logs, notebooks, and experiment artifacts can retain sensitive inputs outside the primary application database. Hugging Face Hub access, hosted checkpoints, private repositories, cloud storage, shared filesystems, observability systems, and experiment trackers may expose model names, dataset names, prompts, media, metrics, or artifacts depending on setup. The official installation docs say telemetry can be sent when loading models and pipelines from the Hub, including Diffusers and PyTorch versions, requested model or pipeline class, and hosted checkpoint path unless disabled. Teams should define who can inspect prompts, generated media, training records, cache directories, failed outputs, checkpoints, Hub artifacts, and moderation decisions before integrating Diffusers into production workflows.
Prerequisites
  • Hugging Face account (sign up at https://huggingface.co/join if needed)
  • Hugging Face Access Token (HF_TOKEN) - get from Settings > Access Tokens (required for private/gated models and higher rate limits)
  • HTTP transport support (remote MCP server at https://huggingface.co/mcp)
  • Internet connection (remote Hugging Face API access required)
  • A compatible agent host such as Claude Code, Codex, Cursor, Gemini CLI, or another client that can load Agent Skills.
  • A Hugging Face account and an appropriately scoped `HF_TOKEN` for private models, private datasets, writes, Jobs, Spaces, Inference Endpoints, or repository administration.
  • The Hugging Face CLI or relevant Hugging Face Python/JavaScript packages for workflows that call local commands, upload files, train models, or publish artifacts.
  • A project policy for which models, datasets, Spaces, papers, traces, training jobs, secrets, and repositories an agent may read or modify.
  • Python environment with the `datasets` package and optional extras for the selected audio, vision, PDF, NIfTI, Torch, TensorFlow, JAX, or large-file workflow.
  • Approved dataset source, revision pin, license, data card, split/configuration choice, schema expectations, and fallback dataset plan.
  • Storage and runtime plan for local cache directories, streaming mode, multiprocessing, Apache Arrow files, large downloads, and network access to the Hugging Face Hub.
  • Data governance plan for local files, Hub datasets, private datasets, credentials, labels, evaluation examples, derived columns, and processed artifacts.
  • Python 3.8 or newer, PyTorch 2.6 or newer, compatible accelerator drivers, and the `diffusers` package installed with the extras needed for the selected pipeline, training, or optimization workflow.
  • Approved model checkpoint, model card, license, revision pin, pipeline class, scheduler choice, adapter plan, safety policy, and fallback model plan.
  • Hardware and runtime plan for CPU, GPU, Apple Silicon, memory offload, quantization, torch.compile, batch size, cache directories, checkpoint storage, and rollback.
  • Data governance plan for prompts, generated media, training images or videos, captions, embeddings, adapters, model weights, Hub tokens, logs, and published artifacts.
Install
claude mcp list && claude mcp status hugging-face
/plugin marketplace add huggingface/skills
Config
{
  "mcpServers": {
    "huggingface": {
      "url": "https://huggingface.co/mcp",
      "type": "http"
    }
  }
}
Citations
ClaimUnclaimedUnclaimedUnclaimedUnclaimed
Open 4 picks in the interactive comparison tool

Signals

Loading live community signals…

More like this, weekly

A short, calm digest of reviewed Claude resources. Unsubscribe any time.