CoreML PoC Repository - Research Only
⚠️ Educational / Security Research Only
This repository demonstrates file-format vulnerabilities in Apple's coremltools pipeline (as of June 2026).
Files Included:
- evil.safetensors → ACE via metadata deserialization
- evil.gguf → Backdoor + output manipulation
- evil.keras → Custom object RCE
- evil.joblib → Joblib pickle RCE + credential stealer
Usage Warning:
Only load these in isolated VMs. Do not use in production or on real devices.
Research Context:
These PoCs were created to highlight gaps in model scanning and conversion safety in coremltools when handling .safetensors, .gguf, .keras, and .joblib formats.
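As an added example (not code from this repository or from coremltools), one way to triage a pickle-based file such as a .joblib before anything loads it is to walk its opcodes statically and list every import outside an allowlist. The `ALLOWED` set, `scan_pickle` and both sample byte strings are constructed for illustration; joblib files that embed raw array bytes may not parse cleanly, which the scanner reports as incomplete.

```python
import pickle
import pickletools

# Assumption: imports a plain data pickle may legitimately need; tune per project.
ALLOWED = {("collections", "OrderedDict"), ("builtins", "set")}
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}


def scan_pickle(data: bytes):
    """Walk the opcodes without executing them.

    Returns (findings, complete): findings lists (offset, module, name) for
    every import outside ALLOWED; complete is True only if STOP was reached.
    """
    findings, strings, complete = [], [], False
    try:
        for op, arg, pos in pickletools.genops(data):
            if op.name in STRING_OPS:
                strings.append(arg)
            elif op.name in ("GLOBAL", "INST"):
                module, _, name = arg.partition(" ")
                if (module, name) not in ALLOWED:
                    findings.append((pos, module, name))
            elif op.name == "STACK_GLOBAL":
                # Simplification: use the last two pushed strings. Names
                # fetched from the memo (BINGET) are not resolved here.
                module, name = strings[-2:] if len(strings) >= 2 else ("?", "?")
                if (module, name) not in ALLOWED:
                    findings.append((pos, module, name))
            elif op.name == "STOP":
                complete = True
    except Exception:
        # Truncated or non-pickle bytes: keep what was found, mark incomplete.
        complete = False
    return findings, complete


class _Sample:
    """Constructed sample: loading it would call print(); it is only scanned."""
    def __reduce__(self):
        return (print, ("constructed sample",))


SAMPLE_FLAGGED = pickle.dumps(_Sample(), protocol=4)
SAMPLE_CLEAN = pickle.dumps({"name": "demo", "weights": [0.1, 0.2]}, protocol=4)

if __name__ == "__main__":
    for label, blob in (("flagged", SAMPLE_FLAGGED), ("clean", SAMPLE_CLEAN)):
        print(label, scan_pickle(blob))
```

A file that yields any finding, or that does not parse through to STOP, should be treated as untrusted and kept out of the conversion pipeline.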
Responsible Disclosure:
Reported to Apple Security. For research purposes only.
Model Card for Testing
- Task: Malicious model demonstration
- License: Research Only
- Created for: coremltools vulnerability research