Guardrail · Cybersecurity · Free
ModelScan — ML Model Serialization Scanner
ProtectAI's scanner that detects malicious payloads hidden inside pickle, PyTorch, TF, and Keras model files.
Installs: 18k
Rating: ★ 4.5
Reviews: 6
ModelScan, maintained by ProtectAI, scans ML model files for serialization attacks, one of the most underappreciated supply-chain risks in AI. A malicious .pkl, .pt, or .h5 file can execute arbitrary code as soon as it is deserialized, for example by torch.load(). ModelScan flags such files before they reach production.
Key features
- Supports pickle, PyTorch (.pt/.pth), TensorFlow SavedModel, Keras .h5, NumPy, and more
- CI/CD ready: exit code 1 on findings, JSON/text output
- Clean models pass without false positives (no benign ops are blocked)
- GitHub Action available
- Integrates with Hugging Face Hub via the huggingface-hub audit CLI
Quick start
pip install modelscan
modelscan scan -p ./my_model.pkl
# Scan an HF model directly
modelscan scan --huggingface bert-base-uncased
npx ai-supply add modelscan-serialization-security
Curated mirror of the open-source ModelScan (Apache-2.0). Get it from the source.