NumPy (.npz) MFV PoC — Authorized Security Research

Authorization: huntr.com / Protect AI MFV bug bounty program. All work local in a Python venv. Responsible disclosure only. Human-submitted.

Summary

  • Format: NumPy (.npz)
  • Bypass: picklescan 1.0.4 + modelscan 0.8.8
  • Modes bypassed: all 4 (direct + directory scan for both scanners)
  • RCE via: joblib.load('malicious.npz')
  • Technique: bzip2-compressed joblib payload
  • Tested: 2026-06-25

Files

  • malicious.npz — bzip2-compressed joblib payload with .npz extension
  • poc-npz.py — reproduction script
  • README.md — this file

Reproduction

pip install picklescan modelscan joblib

python3 poc-npz.py

picklescan -p malicious.npz
picklescan -p .
modelscan  -p malicious.npz
modelscan  -p .

python3 -c "
import joblib
print('--- BEFORE LOAD ---')
joblib.load('malicious.npz')
print('--- AFTER LOAD ---')
"
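A defender-side check for this extension/content mismatch, added here as an example and not part of the PoC or of either scanner: a genuine .npz is a ZIP archive whose members are .npy arrays, so a file carrying the .npz extension that is really a bzip2 stream (or a ZIP holding a non-array member) is flagged before anything calls joblib.load on it. The sample inputs are constructed inline; the bzip2 case wraps a harmless dict that only stands in for the container structure, not the PoC's payload.

```python
import bz2
import io
import pickle
import zipfile

ZIP_MAGIC = b"PK\x03\x04"   # a genuine .npz is a ZIP archive of .npy members
BZIP2_MAGIC = b"BZh"        # bzip2 stream header (the PoC's actual container)
NPY_MAGIC = b"\x93NUMPY"    # every member of a real .npz starts with this
PICKLE_PROTO = b"\x80"      # PROTO opcode: first byte of any protocol>=2 pickle
PEEK_LIMIT = 64             # decompress only this many bytes (bomb-safe)

def check_npz(data: bytes) -> list:
    """Findings for bytes that claim to be a .npz; an empty list means it looks genuine."""
    findings = []
    if data.startswith(ZIP_MAGIC):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                with zf.open(info) as member:
                    head = member.read(len(NPY_MAGIC))
                if not info.filename.endswith(".npy") or head != NPY_MAGIC:
                    findings.append(f"member {info.filename!r} is not a .npy array")
        return findings
    if data.startswith(BZIP2_MAGIC):
        findings.append("extension says .npz but content is a bzip2 stream, not a ZIP")
        # Peek at the decompressed head only; never inflate attacker-sized input fully.
        inner = bz2.BZ2Decompressor().decompress(data, max_length=PEEK_LIMIT)
        if inner.startswith(PICKLE_PROTO):
            findings.append("bzip2 stream wraps a pickle (joblib.load would unpickle it)")
        return findings
    findings.append("extension says .npz but content is not a ZIP archive")
    return findings

def build_samples() -> dict:
    """Constructed inputs: a genuine-looking .npz, a ZIP smuggling a pickle member,
    and a bzip2-wrapped pickle (a benign dict standing in for the PoC's container)."""
    def zip_with(name: str, body: bytes) -> bytes:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(name, body)
        return buf.getvalue()
    benign_pickle = pickle.dumps({"not": "an array"})
    return {
        "legit.npz": zip_with("arr_0.npy", NPY_MAGIC + b"\x01\x00" + b"\x00" * 8),
        "pickle_member.npz": zip_with("arr_0.npy", benign_pickle),
        "bz2_pickle.npz": bz2.compress(benign_pickle),
    }
```

Running check_npz over the bytes of each file before it reaches any loader is a cheap gate to add in front of the scanners the PoC bypasses.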