YAML Metadata Warning:empty or missing yaml metadata in repo card

Check out the documentation for more information.

Joblib companion-path scanner bypass PoC

This repository is a benign security research PoC for the Huntr Model File Formats program.

Files:

  • control_main.joblib + control_companion.npy: scanner-clean pair that loads without side effects.
  • malicious_main.joblib + malicious_companion.npy: scanner-clean pair where the .joblib file causes joblib.load() to load the companion .npy with allow_pickle=True, triggering a marker write.
  • reproduce.py: scans both files and compares the control vs malicious load.

Observed marker:

  • control: no marker file
  • malicious: writes /tmp/mfv_joblib_ndarraywrapper_companion_marker_20260626.txt

Reproduction:

python -m venv /tmp/joblib-companion-venv
/tmp/joblib-companion-venv/bin/python -m pip install --upgrade pip
/tmp/joblib-companion-venv/bin/python -m pip install -r requirements.txt
/tmp/joblib-companion-venv/bin/python reproduce.py

Expected:

  • all four files (main.joblib and companion.npy in control/malicious) scan clean
  • joblib.load(control/main.joblib) returns a benign object and writes nothing
  • joblib.load(malicious/main.joblib) writes the marker file during load
Downloads last month

-

Downloads are not tracked for this model. How to track
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support