Warn about tool use (#29628)
* Warn against remote tool use * Additional disclaimer * Update docs/source/en/custom_tools.md Co-authored-by: amyeroberts <22614925+amyeroberts@users.noreply.github.com> --------- Co-authored-by: amyeroberts <22614925+amyeroberts@users.noreply.github.com>
This commit is contained in:
@@ -427,6 +427,15 @@ To upload your custom prompt on a repo on the Hub and share it with the communit
|
||||
|
||||
## Using custom tools
|
||||
|
||||
<Tip warning={true}>
|
||||
|
||||
Using custom tools in your local runtime means that you'll download code to run on your machine.
|
||||
|
||||
ALWAYS inspect the tool you're downloading before loading it within your runtime, as you would do when
|
||||
installing a package using pip/npm/apt.
|
||||
|
||||
</Tip>
|
||||
|
||||
In this section, we'll be leveraging two existing custom tools that are specific to image generation:
|
||||
|
||||
- We replace [huggingface-tools/image-transformation](https://huggingface.co/spaces/huggingface-tools/image-transformation),
|
||||
|
||||
@@ -186,6 +186,14 @@ class Tool:
|
||||
"""
|
||||
Loads a tool defined on the Hub.
|
||||
|
||||
<Tip warning={true}>
|
||||
|
||||
Loading a tool from the Hub means that you'll download the tool and execute it locally.
|
||||
ALWAYS inspect the tool you're downloading before loading it within your runtime, as you would do when
|
||||
installing a package using pip/npm/apt.
|
||||
|
||||
</Tip>
|
||||
|
||||
Args:
|
||||
repo_id (`str`):
|
||||
The name of the repo on the Hub where your tool is defined.
|
||||
@@ -630,6 +638,14 @@ def load_tool(task_or_repo_id, model_repo_id=None, remote=False, token=None, **k
|
||||
"""
|
||||
Main function to quickly load a tool, be it on the Hub or in the Transformers library.
|
||||
|
||||
<Tip warning={true}>
|
||||
|
||||
Loading a tool means that you'll download the tool and execute it locally.
|
||||
ALWAYS inspect the tool you're downloading before loading it within your runtime, as you would do when
|
||||
installing a package using pip/npm/apt.
|
||||
|
||||
</Tip>
|
||||
|
||||
Args:
|
||||
task_or_repo_id (`str`):
|
||||
The task for which to load the tool or a repo ID of a tool on the Hub. Tasks implemented in Transformers
|
||||
@@ -677,6 +693,12 @@ def load_tool(task_or_repo_id, model_repo_id=None, remote=False, token=None, **k
|
||||
else:
|
||||
return tool_class(model_repo_id, token=token, **kwargs)
|
||||
else:
|
||||
logger.warning_once(
|
||||
f"You're loading a tool from the Hub from {model_repo_id}. Please make sure this is a source that you "
|
||||
f"trust as the code within that tool will be executed on your machine. Always verify the code of "
|
||||
f"the tools that you load. We recommend specifying a `revision` to ensure you're loading the "
|
||||
f"code that you have checked."
|
||||
)
|
||||
return Tool.from_hub(task_or_repo_id, model_repo_id=model_repo_id, token=token, remote=remote, **kwargs)
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user