YAML Metadata Warning:empty or missing yaml metadata in repo card

Check out the documentation for more information.

Pickle scanner bypass via skops.io.dump writes attacker-controlled skops model archives while scanners report clean

This repository contains malicious pickle payload(s) that bypass both picklescan==1.0.4 and modelscan==0.8.8, then write attacker-controlled model artifacts during normal pickle.load().

Reproduce

python3 -m venv /tmp/skops-dump-scanner-bypass-venv
/tmp/skops-dump-scanner-bypass-venv/bin/python -m pip install --upgrade pip
/tmp/skops-dump-scanner-bypass-venv/bin/python -m pip install -r requirements.txt
/tmp/skops-dump-scanner-bypass-venv/bin/python reproduce_skops_dump_scanner_bypass.py

Expected output includes:

Infected files: 0
Dangerous globals: 0
No issues found!
REPRO_OK=True
Downloads last month

-

Downloads are not tracked for this model. How to track
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support