Skill

model-security-scanning

Scans AI models for malicious elements before loading in inference engines. Detects unsafe formats like pickle, backdoored models, and embedded scripts.

Python

security

ai-ml

npx claudepluginhub redhatproductsecurity/prodsec-skills --plugin prodsec-skills

Popularity

Stars

Forks

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/prodsec-skills:model-security-scanning

User invocable

Model invocable

Inline context

Default effort

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

Inference engines SHOULD scan models for malicious elements before loading them. This is a defense-in-depth control that complements signature verification.

SKILL.md

44 lines · ~519 tokens

Similar Skills

model-registry-model-security-scanning

Scan models for malicious code in model registries. Use when building, configuring, or reviewing model registry security, model ingestion pipelines, or model validation workflows.

prodsec-skills

AI/ML Attack Surface

Detects AI/ML security vulnerabilities like unsafe model deserialization in PyTorch/Joblib/NumPy, prompt injection in LLM prompts, and risks in Jupyter notebooks or ML pipelines.

vuln-scout

llm-supply-chain

Detects compromised models from unverified sources, floating tags, and unreviewed registries with checksum verification, pinned revisions, and approval gates.

soundcheck

Stats

LanguagePython

Stars34

Forks2

MaintenanceExcellent

Last CommitMay 25, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Stats

Actions

Help us improve

Share bugs, ideas, or general feedback.

Model Security Scanning in Inference Engines

Security Recommendation

Inference engines SHOULD scan models for malicious elements before loading them. This is a defense-in-depth control that complements signature verification.

Threats Detected by Scanning

Threat

Description

Malicious code in weights

Some weight formats (e.g., Python pickle) can embed arbitrary executable code

Backdoored models

Models with hidden behaviors triggered by specific inputs

Embedded scripts

Configuration files or metadata containing executable payloads

Unsafe serialization formats

Formats that execute code during deserialization

Unsafe Weight Formats

The inference engine SHOULD advise against or refuse to load weight formats that can include malicious code:

Format

Risk Level

Recommendation

Python pickle (.pkl, .pickle)

High

Avoid; can execute arbitrary Python code on load

PyTorch legacy (.pt, .pth using pickle)

High

Prefer SafeTensors format instead

SafeTensors (.safetensors)

Low

Preferred; no code execution during deserialization

GGUF

Low

Safe format for quantized models

ONNX

Medium

Generally safe but verify custom operators

Implementation Checklist

Implement model scanning in the model loading pipeline

Detect and flag unsafe serialization formats (pickle-based weights)

Prefer SafeTensors or other safe formats; warn or block unsafe formats

Scan model metadata and configuration files for embedded scripts

Log scanning results as security events

Allow security teams to configure scanning policies (warn vs. block)

Integrate with model registry scanning if available