You need to agree to share your contact information to access this model

This repository is publicly accessible, but you have to accept the conditions to access its files and content.

TensorFlow SavedModel ModelScan Windows Lambda PoC

This repository contains a minimal TensorFlow SavedModel used to reproduce a ModelScan false negative on Windows.

The SavedModel includes keras_metadata.pb with a Keras Lambda layer. On Windows, current ModelScan scans keras_metadata.pb but reports zero issues because the SavedModel Lambda detector uses / splitting to identify the file name.

The Lambda payload is harmless. It writes huntr_savedmodel_marker.txt under the user's %TEMP% directory when the model is loaded with legacy Keras.

Reproduce

Install the required packages:

pip install modelscan tensorflow-cpu==2.18.0 tf-keras==2.18.0

Scan the model directory on Windows:

modelscan -p lambda_exec_savedmodel

Expected scanner result on affected Windows paths:

0 issues

Load the model:

import os
os.environ["TF_USE_LEGACY_KERAS"] = "1"
from tensorflow import keras

keras.models.load_model("lambda_exec_savedmodel")

Expected result:

%TEMP%\huntr_savedmodel_marker.txt is created

Root Cause

SavedModelLambdaDetectScan._scan() derives the file name with:

str(model.get_source()).split("/")[-1]

Normal Windows paths use backslashes, so the value does not equal keras_metadata.pb and the Lambda detector returns without scanning.

Use platform-aware path handling, for example:

Path(str(model.get_source())).name

Downloads last month: -

Inference Providers NEW

This model isn't deployed by any Inference Provider. 🙋 Ask for provider support