Add NPY/NPZ scanner bypass PoC + warning README

README.md

@@ -0,0 +1,25 @@
+# ⚠️ WARNING — Security Research PoC
+
+> **DO NOT load these files with `np.load(allow_pickle=True)` in production environments.**
+> **DO NOT use these files for any purpose other than security research.**
+
+## What is this?
+
+This repository contains **proof-of-concept .npy and .npz files** created for **responsible security vulnerability disclosure** via [huntr.com](https://huntr.com).
+
+## Vulnerability Type
+
+**Scanner Bypass / Arbitrary Code Execution (CWE-502)**
+
+Malicious `.npy` and `.npz` files containing pickle RCE payloads that bypass modelscan 0.8.8 detection on numpy >= 2.3.0. modelscan uses `np.lib.format._check_version` which was removed in numpy 2.3.0, causing the scanner to crash silently and report "No issues found!" while the files contain executable pickle payloads.
+
+## Important Notes
+
+- 🔴 **These files contain pickle payloads that WILL EXECUTE CODE when loaded with `np.load(allow_pickle=True)`.**
+- 🔴 **DO NOT load in any production, staging, or shared environment.**
+- The PoC payload is benign (writes a proof file) but the technique allows arbitrary code execution.
+- **This repository will be removed or made private after the vulnerability review process is complete.**
+
+## Responsible Disclosure
+
+This PoC is part of a responsible disclosure process through [huntr.com](https://huntr.com).