YAML Metadata Warning:empty or missing yaml metadata in repo card
Check out the documentation for more information.
Joblib companion-path scanner bypass PoC
This repository is a benign security research PoC for the Huntr Model File Formats program.
Files:
control_main.joblib+control_companion.npy: scanner-clean pair that loads without side effects.malicious_main.joblib+malicious_companion.npy: scanner-clean pair where the.joblibfile causesjoblib.load()to load the companion.npywithallow_pickle=True, triggering a marker write.reproduce.py: scans both files and compares the control vs malicious load.
Observed marker:
- control: no marker file
- malicious: writes
/tmp/mfv_joblib_ndarraywrapper_companion_marker_20260626.txt
Reproduction:
python -m venv /tmp/joblib-companion-venv
/tmp/joblib-companion-venv/bin/python -m pip install --upgrade pip
/tmp/joblib-companion-venv/bin/python -m pip install -r requirements.txt
/tmp/joblib-companion-venv/bin/python reproduce.py
Expected:
- all four files (
main.joblibandcompanion.npyin control/malicious) scan clean joblib.load(control/main.joblib)returns a benign object and writes nothingjoblib.load(malicious/main.joblib)writes the marker file during load
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support