Skill

model-registry-model-security-scanning

Scan models for malicious code in model registries. Use when building, configuring, or reviewing model registry security, model ingestion pipelines, or model validation workflows.

Python

PyTorch

security

npx claudepluginhub redhatproductsecurity/prodsec-skills --plugin prodsec-skills

Popularity

Stars

Forks

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/prodsec-skills:model-registry-model-security-scanning

User invocable

Model invocable

Inline context

Default effort

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

Models stored in registries SHOULD be scanned to identify malicious code within them. This is a gate control applied at the registry level, before models are distributed to inference engines.

SKILL.md

45 lines · ~491 tokens

Similar Skills

model-security-scanning

Scans AI models for malicious elements before loading in inference engines. Detects unsafe formats like pickle, backdoored models, and embedded scripts.

prodsec-skills

llm-supply-chain

Detects compromised models from unverified sources, floating tags, and unreviewed registries with checksum verification, pinned revisions, and approval gates.

soundcheck

AI/ML Attack Surface

Detects AI/ML security vulnerabilities like unsafe model deserialization in PyTorch/Joblib/NumPy, prompt injection in LLM prompts, and risks in Jupyter notebooks or ML pipelines.

vuln-scout

Stats

LanguagePython

Stars34

Forks2

MaintenanceExcellent

Last CommitMay 25, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Stats

Actions

Help us improve

Share bugs, ideas, or general feedback.

Model Security Scanning in Model Registries

Security Requirement

Models stored in registries SHOULD be scanned to identify malicious code within them. This is a gate control applied at the registry level, before models are distributed to inference engines.

What to Scan For

Threat

Detection Approach

Pickle-based payloads

Detect Python pickle serialization that can execute arbitrary code

Embedded executables

Scan for binary executables or scripts hidden in model files

Unsafe serialization

Flag models using formats known to allow code execution on deserialization

Anomalous file structure

Detect unexpected files or metadata within the model package

Known malware signatures

Match against known malicious model signatures

Scanning Pipeline

Model uploaded to registry → Signature verification (provenance check) → Security scanning (malicious content check) → If clean: mark as verified, make available → If suspicious: quarantine, alert security team → If malicious: reject, alert security team, log event

Implementation Checklist

Integrate model security scanning into the model ingestion pipeline

Scan for unsafe serialization formats (pickle, legacy PyTorch)

Scan for embedded executables and scripts

Quarantine models that fail scanning (do not make them available)

Alert the security team on scanning failures

Log all scanning results for audit

Update scanning rules as new model-based attack vectors are discovered

Support re-scanning of existing models when new signatures are added

Model Security Scanning in Model Registries

Security Requirement

Models stored in registries SHOULD be scanned to identify malicious code within them. This is a gate control applied at the registry level, before models are distributed to inference engines.

What to Scan For

Threat	Detection Approach
Pickle-based payloads	Detect Python pickle serialization that can execute arbitrary code
Embedded executables	Scan for binary executables or scripts hidden in model files
Unsafe serialization	Flag models using formats known to allow code execution on deserialization
Anomalous file structure	Detect unexpected files or metadata within the model package
Known malware signatures	Match against known malicious model signatures

Scanning Pipeline

Model uploaded to registry
  → Signature verification (provenance check)
  → Security scanning (malicious content check)
    → If clean: mark as verified, make available
    → If suspicious: quarantine, alert security team
    → If malicious: reject, alert security team, log event

Implementation Checklist

Integrate model security scanning into the model ingestion pipeline
Scan for unsafe serialization formats (pickle, legacy PyTorch)
Scan for embedded executables and scripts
Quarantine models that fail scanning (do not make them available)
Alert the security team on scanning failures
Log all scanning results for audit
Update scanning rules as new model-based attack vectors are discovered
Support re-scanning of existing models when new signatures are added

model-registry-model-security-scanning

Popularity

Invocation

Context Preview

SKILL.md

Similar Skills

Help us improve

Help us improve

Find plugins for your project

model-registry-model-security-scanning

Popularity

Invocation

Context Preview

SKILL.md

Model Security Scanning in Model Registries

Security Requirement

What to Scan For

Scanning Pipeline

Implementation Checklist

Similar Skills

Help us improve

Model Security Scanning in Model Registries

Security Requirement

What to Scan For

Scanning Pipeline

Implementation Checklist