Tarfile extractall pickle scanner bypass PoC
This repository reproduces a pickle scanner bypass against:
picklescan==1.0.4
modelscan==0.8.8
The pickle is hand-built from raw opcodes. It avoids pickle.dumps() on bound
methods and directly references these globals:
io.BytesIO
tarfile.open
tarfile.TarFile.extractall
Both scanners report the file clean, but normal pickle.load() extracts an
embedded tar archive and writes:
/tmp/mfv_tarfile_extractall_scanner_bypass_20260624/huntr_tarfile_extractall_marker.txt
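Both scanners judged the file clean even though it resolves those globals, so the defensive counterpart is shown here as an added example (not code from this repository): a static pass that lists every GLOBAL and STACK_GLOBAL reference in a pickle, and a load-time allowlist Unpickler that refuses anything outside an explicit set regardless of what a scanner reports. SAFE_GLOBALS and the two sample pickles are constructed assumptions; the second sample only references tarfile.TarFile.extractall and never calls it, so loading it is harmless.

```python
import io
import pickle
import pickletools
import tarfile  # only used to build the harmless reference sample below

# Assumption: the (module, qualname) pairs this loader is permitted to resolve.
# Extend per model format; anything not listed is refused.
SAFE_GLOBALS = {
    ("collections", "OrderedDict"),
}

_STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
               "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def referenced_globals(data):
    """Static pass: return (module, name) for GLOBAL and STACK_GLOBAL opcodes.

    STACK_GLOBAL takes its operands from the two strings pushed before it, so a
    check that only inspects the GLOBAL argument misses it. Tracking the last two
    strings is itself a heuristic (memo reuse via BINGET is not followed), which
    is why a static listing complements, but does not replace, the loader below."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
            found.append((strings[-2], strings[-1]))
        elif op.name in _STRING_OPS:
            strings.append(arg)
    return found


class AllowlistUnpickler(pickle.Unpickler):
    """Load-time control: refuse every global that is not on the allowlist."""

    def find_class(self, module, name):
        if (module, name) not in SAFE_GLOBALS:
            raise pickle.UnpicklingError(f"blocked global {module}.{name}")
        return super().find_class(module, name)


def safe_loads(data):
    return AllowlistUnpickler(io.BytesIO(data)).load()


def is_blocked(data):
    try:
        safe_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


# Constructed samples: a plain container, and a pickle that merely references
# tarfile.TarFile.extractall (emitted as STACK_GLOBAL under protocol 4).
BENIGN = pickle.dumps({"weights": [1, 2, 3]}, protocol=4)
REFERENCES_EXTRACTALL = pickle.dumps(tarfile.TarFile.extractall, protocol=4)
```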
Reproduce
python3 -m venv /tmp/tarfile-extractall-scanner-bypass-venv
/tmp/tarfile-extractall-scanner-bypass-venv/bin/python -m pip install --upgrade pip
/tmp/tarfile-extractall-scanner-bypass-venv/bin/python -m pip install -r requirements.txt
/tmp/tarfile-extractall-scanner-bypass-venv/bin/python reproduce_tarfile_extractall_scanner_bypass.py
Expected tail:
picklescan_clean=True exit=0
modelscan_clean=True exit=0
load_marker_exists=True
load_marker_content=MFV_TARFILE_EXTRACTALL_SCANNER_BYPASS_20260624
REPRO_OK