# Huntr Form Copy

## Target

Keras Native (`.keras`)

## Title

ModelScan Keras V3 scanner misses `TorchModuleWrapper` unsafe deserialization surface in `.keras` files

## Hugging Face PoC

https://huggingface.co/fsabiu/keras-modelscan-torchmodulewrapper-coverage-gap

## Description

Use the full local draft:

```text
01-mfv-model-file-vulnerabilities/report-drafts/F-MFV-001-modelscan-torchmodulewrapper-gap.md
```

## Short Impact Statement

ModelScan 0.8.8 returns a clean scan for a Keras V3 `.keras` file containing `TorchModuleWrapper`, while Keras 3.14.0 blocks the same class in `safe_mode=True` because it can deserialize a `torch.nn.Module` through `torch.load()`. The same ModelScan setup correctly flags a benign Lambda positive control, so this is a targeted scanner coverage gap rather than a broken scanner installation.

## Upload Checklist

- [x] Upload all files in this directory to a public Hugging Face repo.
- [x] Confirm Hugging Face SHA256 matches `SHA256SUMS.txt`.
- [ ] Paste repo URL into the Huntr form.
- [ ] Submit as scanner coverage gap / scanner bypass.
- [ ] Do not present as a new Keras runtime RCE.