
vt-test mailcap.findmatch rewrite (PoC)

Technique P04: mailcap.findmatch → os.system (stdlib indirection)

This is a proof-of-concept demonstrating that the dtonala/vt-test Monero miner (originally detected via yaml.unsafe_load) can be rewritten to evade all mainstream pickle scanners using a single function swap.

What this is

VtTest_mailcap_benign.pth is a modified copy of dtonala/vt-test/VtTest.pth where:

  • The two yaml.unsafe_load calls (which trigger HuggingFace's Unsafe badge) are replaced with a single mailcap.findmatch call
  • The payload is benign: touch /tmp/poc_mailcap_bypass
  • The labels.txt cipher and overall structure are preserved

Scanner results

Scanner             Original VtTest.pth             This rewrite
picklescan          yaml.unsafe_load detected       0 dangerous findings
modelscan           clean                           clean
fickling            LIKELY_UNSAFE (yaml mention)    LIKELY_UNSAFE (no yaml, no mailcap mention)
HuggingFace badge   Unsafe                          (pending upload verification)

How it works

mailcap.findmatch(caps, mimetype) is a Python stdlib MIME-handler lookup. If the matching entry has a test field, mailcap calls os.system(test) inside the stdlib itself. The os.system call never appears as a pickle opcode: it fires three function calls deep inside mailcap.py, invisible to any static analysis tool.
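A defender-side check for the indirection described above, added here as an example; it is not part of the vt-test PoC nor the code of any existing scanner. It walks the pickle's opcode stream with pickletools.genops (never unpickling anything) and flags every GLOBAL or STACK_GLOBAL import against a denylist that includes mailcap.findmatch. The denylist and the sample pickles are constructed for this example.

```python
import pickle
import pickletools

# Constructed denylist (an assumption for this example): module/attribute
# pairs that reach os.system directly or through stdlib indirection such
# as mailcap.findmatch. A real scanner would carry a much longer list.
SUSPICIOUS_GLOBALS = {
    ("mailcap", "findmatch"),
    ("os", "system"),
    ("subprocess", "Popen"),
    ("builtins", "eval"),
    ("builtins", "exec"),
    ("yaml", "unsafe_load"),
}

# String-pushing opcodes whose values STACK_GLOBAL consumes as (module, name).
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
              "STRING", "BINSTRING", "SHORT_BINSTRING"}

def referenced_globals(data: bytes):
    """Yield (module, name) for every import the pickle would perform.
    Only the opcode stream is read; nothing is unpickled or executed."""
    recent = []  # most recent string pushes, consumed by STACK_GLOBAL (proto 4)
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":  # protocol <= 3: arg is "module name"
            module, name = arg.split(" ", 1)
            yield module, name
        elif op.name == "STACK_GLOBAL" and len(recent) >= 2:
            yield recent[-2], recent[-1]
        elif op.name in STRING_OPS:
            recent.append(arg)

def scan(data: bytes):
    """Return the sorted list of denylisted imports found in the pickle."""
    return sorted(g for g in set(referenced_globals(data)) if g in SUSPICIOUS_GLOBALS)

# Constructed samples: a protocol-2 GLOBAL and a protocol-4 STACK_GLOBAL that
# only reference mailcap.findmatch (no arguments, no call), plus a benign dict.
SAMPLE_PROTO2 = b"\x80\x02cmailcap\nfindmatch\nq\x00."
SAMPLE_PROTO4 = b"\x80\x04\x8c\x07mailcap\x94\x8c\x09findmatch\x94\x93\x94."
SAMPLE_BENIGN = pickle.dumps({"weights": [0.1, 0.2]})

if __name__ == "__main__":
    for label, blob in [("proto2", SAMPLE_PROTO2), ("proto4", SAMPLE_PROTO4),
                        ("benign", SAMPLE_BENIGN)]:
        print(label, scan(blob))
```

Because the stdlib module is loaded by the import itself, a denylist scanner only helps if the indirect callers are on the list; an allowlist of expected modules (torch, numpy, collections) is the stronger default for model files.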

Part of the General Analysis pickle-scanner research

See SiggytheShark on HuggingFace for the full catalog of 40+ bypass techniques, each as a standalone PoC with benign payload.
