---
tags:
- security-research
- modelscan-bypass
---
# modelscan-bypass-zipimport

Security research PoC: zipimport.zipimporter + operator.methodcaller bypass

**This is a security research artifact for responsible disclosure to ProtectAI/modelscan.**

modelscan v0.7.6 reports "No issues found" for this file, but it executes arbitrary code on pickle.load().