Supported ML Formats

Model Format File Extensions Arbitrary Code Execution Suspicious Functions Network Requests Denial of Service Suspicious File Format Decompression Vulnerabilities Embedded Payloads Directory Traversal Arbitrary Read Access Graph Payload
Cloudpickle .pkl, .pickle x x x x x
Dill .dill x x x x x
GGUF .gguf x
HDF5 .h5, .hdf5 x x x x x x
JobLib .joblib x x x x x
Keras .keras, .tf x x
NeMo .nemo x x x x x x
Numpy .npy, .npz x x x x x
ONNX .onnx x x x
Pytorch .pt, .bin, .zip x x x x x
Pickle .pkl x x x x x
R .rds (plain and compressed) x
Safetensors .safetensors x x
Skops .skops x
Tensorflow .savedmodel, .tf, .pb x
Zip .zip x

Recognized File Types

The model scanner recognizes but does not scan the following common file types.

Category File Types
Documentation .md (READMEs, release notes)
Code Files .py (scripts), .js (optional), .sh (shell scripts)
Config / Metadata .json, .yaml, .yml, .ini, .cfg
Data Files .txt, .csv, .tsv
Git Config Files .gitignore, .gitattrib

Unsupported Types

If Model Scanner does not support, or cannot recognize, the type of an input file, it still emits a scan result for that file, with an empty detections list and the results.type key set to "unknown", as in the following output:

[
    {
        "detections": [],
        "end_time": 1717543001759,
        "file_pointer": "/cmd/modelscan-cli/main.go",
        "results": {
            "md5": "33d1ed57c6a93d5cd910fd721c9d016e",
            "sha256": "1739c813f09d2c90ad676d318832134c22864bc1d4bf4f272b9d7971a4cea007",
            "tlsh": "3b360f42d1a3d84e8853d4c5b971a5ce2ae5cf8f87425fa1bd51bc1d4e78a18f20c8be",
            "type": "unknown"
        },
        "scan_id": "1739c813f09d2c90ad676d318832134c22864bc1d4bf4f272b9d7971a4cea007",
        "start_time": 1717543001552,
        "status": "done"
    }
]
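An empty detections list on an "unknown" result means the file was not inspected, not that it is clean. The following triage helper is an added example, not part of the Model Scanner documentation or its code: it reads a result array in the shape shown above, buckets each file, and singles out files whose extension appears in the Supported ML Formats table but still came back "unknown", since those deserve a manual look. The extension sets are transcribed from the two tables on this page and the sample results are constructed.

```python
import json

# Extensions the "Supported ML Formats" table lists as scanned
# (assumption: transcribed from the table; the live scanner may differ).
SUPPORTED_EXTENSIONS = {
    ".pkl", ".pickle", ".dill", ".gguf", ".h5", ".hdf5", ".joblib", ".keras",
    ".tf", ".nemo", ".npy", ".npz", ".onnx", ".pt", ".bin", ".zip", ".rds",
    ".safetensors", ".skops", ".savedmodel", ".pb",
}
# Recognized but not scanned, from the "Recognized File Types" table.
RECOGNIZED_ONLY = {".md", ".py", ".js", ".sh", ".json", ".yaml", ".yml",
                   ".ini", ".cfg", ".txt", ".csv", ".tsv", ".gitignore", ".gitattrib"}

def _extension(path: str) -> str:
    # Keep dotfiles such as .gitignore whole; lower-case for matching.
    name = path.rsplit("/", 1)[-1]
    return ("." + name.rsplit(".", 1)[-1]).lower() if "." in name else ""

def classify(result: dict) -> str:
    """Bucket one result: detections / clean / recognized_only / unknown / mismatch."""
    rtype = result.get("results", {}).get("type")
    ext = _extension(result.get("file_pointer", ""))
    if rtype == "unknown":
        # Empty detections here mean "not inspected", never "safe". A supported
        # extension that still came back unknown is worth reviewing by hand.
        return "mismatch" if ext in SUPPORTED_EXTENSIONS else "unknown"
    if result.get("detections"):
        return "detections"
    return "recognized_only" if ext in RECOGNIZED_ONLY else "clean"

def triage(scan_json: str) -> dict:
    """Group file_pointers by bucket, given a Model Scanner JSON result array."""
    buckets = {}
    for r in json.loads(scan_json):
        buckets.setdefault(classify(r), []).append(r["file_pointer"])
    return buckets

# Constructed sample in the page's output shape; hashes and timestamps are
# omitted and the detection entry and type values are placeholders.
SAMPLE = json.dumps([
    {"detections": [], "file_pointer": "/cmd/modelscan-cli/main.go",
     "results": {"type": "unknown"}, "status": "done"},
    {"detections": [], "file_pointer": "/models/weights.pkl",
     "results": {"type": "unknown"}, "status": "done"},
    {"detections": [{"note": "constructed placeholder"}],
     "file_pointer": "/models/model.pt", "results": {"type": "pytorch"}, "status": "done"},
    {"detections": [], "file_pointer": "/models/README.md",
     "results": {"type": "markdown"}, "status": "done"},
])

if __name__ == "__main__":
    for bucket, files in sorted(triage(SAMPLE).items()):
        print(f"{bucket}: {files}")
```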