From prodsec-skills
Scans AI models for malicious elements before loading in inference engines. Detects unsafe formats like pickle, backdoored models, and embedded scripts.
Slash command: /prodsec-skills:model-security-scanning
Inference engines SHOULD scan models for malicious elements before loading them. This is a defense-in-depth control that complements signature verification.
| Threat | Description |
|---|---|
| Malicious code in weights | Some weight formats (e.g., Python pickle) can embed arbitrary executable code |
| Backdoored models | Models with hidden behaviors triggered by specific inputs |
| Embedded scripts | Configuration files or metadata containing executable payloads |
| Unsafe serialization formats | Formats that execute code during deserialization |
The inference engine SHOULD advise against or refuse to load weight formats that can include malicious code:
| Format | Risk Level | Recommendation |
|---|---|---|
| Python pickle (.pkl, .pickle) | High | Avoid; can execute arbitrary Python code on load |
| PyTorch legacy (.pt, .pth using pickle) | High | Prefer SafeTensors format instead |
| SafeTensors (.safetensors) | Low | Preferred; no code execution during deserialization |
| GGUF | Low | Safe format for quantized models |
| ONNX | Medium | Generally safe but verify custom operators |
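A pre-load scanner in the spirit of the two tables above, added here as an example and not part of the prodsec-skills plugin: it walks a pickle's opcode stream with `pickletools` without ever unpickling it, flags any imported global outside an assumed allowlist, and checks that a file claiming to be SafeTensors actually has the SafeTensors header layout. The allowlist entries, function names and sample files are constructed for this example.

```python
import json
import pickle
import pickletools
import struct

# Assumed allowlist: globals a plain PyTorch state_dict legitimately references.
ALLOWED_GLOBALS = {("collections", "OrderedDict"), ("torch._utils", "_rebuild_tensor_v2"),
                   ("torch", "FloatStorage"), ("torch", "HalfStorage")}
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "UNICODE", "STRING", "SHORT_BINSTRING", "BINSTRING"}

def scan_pickle(data: bytes) -> dict:
    """Walk the opcode stream with pickletools: nothing is unpickled, so nothing executes.
    Zip-based torch.save checkpoints: pass their data.pkl member here, not the archive."""
    imports, strings = [], []
    try:
        for op, arg, _ in pickletools.genops(data):
            if op.name in STRING_OPS:
                strings.append(arg)
            if op.name == "GLOBAL":          # protocol <= 3: arg is "module name"
                imports.append(tuple(arg.split(" ", 1)))
            elif op.name == "STACK_GLOBAL":  # protocol 4+: heuristic, the last two pushed strings
                imports.append(tuple(strings[-2:]) if len(strings) >= 2 else ("?", "?"))
    except ValueError as exc:                # truncated or malformed stream: never load it
        return {"format": "pickle", "verdict": "refuse", "reason": f"malformed pickle: {exc}"}
    unexpected = sorted(set(imports) - ALLOWED_GLOBALS)
    return {"format": "pickle", "imports": imports, "unexpected": unexpected,
            "verdict": "refuse" if unexpected else "allow"}

def scan_safetensors(data: bytes) -> dict:
    """Check the layout (u64 LE header length, JSON header, raw tensor bytes): a pickle
    renamed to .safetensors fails here, and a well-formed file cannot run code on load."""
    try:
        (hlen,) = struct.unpack("<Q", data[:8])
        header = json.loads(data[8:8 + hlen])
        for name, entry in header.items():
            if name == "__metadata__":       # string-to-string only, never executed
                continue
            start, end = entry["data_offsets"]
            if not 0 <= start <= end <= len(data) - 8 - hlen:
                return {"format": "safetensors", "verdict": "refuse", "reason": f"bad offsets for {name}"}
    except (struct.error, ValueError, KeyError, TypeError, AttributeError) as exc:
        return {"format": "safetensors", "verdict": "refuse", "reason": f"malformed: {exc}"}
    return {"format": "safetensors", "verdict": "allow", "tensors": [k for k in header if k != "__metadata__"]}

# Constructed samples: a plain dict, a harmless pickle that still imports a global
# (builtins.len, outside the allowlist), and a minimal one-tensor safetensors file.
SAMPLE_PLAIN = pickle.dumps({"w": [1.0, 2.0]}, protocol=2)
SAMPLE_GLOBAL = pickle.dumps(len, protocol=4)
_HDR = json.dumps({"w": {"dtype": "F32", "shape": [2], "data_offsets": [0, 8]}}).encode()
SAMPLE_SAFETENSORS = struct.pack("<Q", len(_HDR)) + _HDR + b"\x00" * 8
```

Any "refuse" verdict should stop the engine before the file reaches `torch.load` or an equivalent deserializer; the allowlist is deliberately narrow so that an unexpected import is treated as a finding rather than silently accepted.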
Install: npx claudepluginhub redhatproductsecurity/prodsec-skills --plugin prodsec-skills