---
license: apache-2.0
language:
- en
tags:
- security
- skillscan
- prompt-injection
- skill-file-analysis
- llama-cpp
- gguf
base_model: Qwen/Qwen2.5-1.5B-Instruct
pipeline_tag: text-generation
---

# SkillScan Detector v4

A fine-tuned [Qwen2.5-1.5B-Instruct](https://huggingface.co/Qwen/Qwen2.5-1.5B-Instruct) model for detecting security threats in AI agent skill files.

## What it does

Analyzes AI agent skill files (.md) and outputs structured JSON with:
- **Verdict**: benign or malicious
- **Labels**: specific attack types detected
- **Confidence**: 0-1 score
- **Reasoning**: human-readable explanation citing evidence from the text

## Attack types detected

| Class | F1 | Precision | Recall |
|---|---|---|---|
| path_traversal | 0.857 | 0.882 | 0.833 |
| social_engineering | 0.857 | 0.750 | 1.000 |
| prompt_injection | 0.474 | 0.941 | 0.317 |
| code_injection | 0.424 | 0.438 | 0.412 |
| supply_chain | 0.340 | 0.258 | 0.500 |
| evasion | 0.308 | 0.182 | 1.000 |
| data_exfiltration | 0.148 | 0.080 | 1.000 |

**Macro F1: 0.487** | Verdict accuracy: 85.2% | Parse failures: 1.2%

## Usage with llama-cpp-python

Requirement already satisfied: llama-cpp-python in /opt/homebrew/lib/python3.11/site-packages (0.3.20)
Requirement already satisfied: typing-extensions>=4.5.0 in /opt/homebrew/lib/python3.11/site-packages (from llama-cpp-python) (4.15.0)
Requirement already satisfied: numpy>=1.20.0 in /opt/homebrew/lib/python3.11/site-packages (from llama-cpp-python) (1.26.4)
Requirement already satisfied: diskcache>=5.6.1 in /opt/homebrew/lib/python3.11/site-packages (from llama-cpp-python) (5.6.3)
Requirement already satisfied: jinja2>=2.11.3 in /opt/homebrew/lib/python3.11/site-packages (from llama-cpp-python) (3.1.4)
Requirement already satisfied: MarkupSafe>=2.0 in /opt/homebrew/lib/python3.11/site-packages (from jinja2>=2.11.3->llama-cpp-python) (2.0.1)

Download the GGUF model:
[33m⚠️  Warning: 'huggingface-cli download' is deprecated. Use 'hf download' instead.[0m


## Model details

- **Base model**: Qwen/Qwen2.5-1.5B-Instruct (Apache 2.0)
- **Fine-tuning**: QLoRA (r=32, alpha=64) on 20,035 teacher-distilled examples
- **Teachers**: Claude Sonnet + GPT-4o (structured security analysis)
- **Quantization**: GGUF Q4_K_M (935 MB)
- **Inference**: CPU-only via llama.cpp, ~2-4s per file
- **License**: Apache 2.0

## Files

| File | Size | Description |
|---|---|---|
|  | 935 MB | Quantized model for CPU inference |
|  | 3.1 GB | Full FP16 weights |

## Part of SkillScan

This model is used by [skillscan-security](https://github.com/kurtpayne/skillscan-security), the open-source CLI scanner for AI agent skill files.

Requirement already satisfied: skillscan-security[ml] in /opt/homebrew/lib/python3.11/site-packages (0.8.0)
Requirement already satisfied: typer>=0.12.3 in /opt/homebrew/lib/python3.11/site-packages (from skillscan-security[ml]) (0.15.1)
Requirement already satisfied: rich>=13.7.1 in /opt/homebrew/lib/python3.11/site-packages (from skillscan-security[ml]) (14.3.3)
Requirement already satisfied: pydantic>=2.7.1 in /opt/homebrew/lib/python3.11/site-packages (from skillscan-security[ml]) (2.9.2)
Requirement already satisfied: pyyaml>=6.0.1 in /opt/homebrew/lib/python3.11/site-packages (from skillscan-security[ml]) (6.0.1)
Requirement already satisfied: nltk>=3.9.1 in /opt/homebrew/lib/python3.11/site-packages (from skillscan-security[ml]) (3.9.1)
Requirement already satisfied: transformers>=4.40.0 in /opt/homebrew/lib/python3.11/site-packages (from skillscan-security[ml]) (5.5.1)
Requirement already satisfied: torch>=2.2.0 in /opt/homebrew/lib/python3.11/site-packages (from skillscan-security[ml]) (2.6.0)
Requirement already satisfied: peft>=0.9.0 in /opt/homebrew/lib/python3.11/site-packages (from skillscan-security[ml]) (0.14.0)
Requirement already satisfied: click in /opt/homebrew/lib/python3.11/site-packages (from nltk>=3.9.1->skillscan-security[ml]) (8.1.7)
Requirement already satisfied: joblib in /opt/homebrew/lib/python3.11/site-packages (from nltk>=3.9.1->skillscan-security[ml]) (1.4.2)
Requirement already satisfied: regex>=2021.8.3 in /opt/homebrew/lib/python3.11/site-packages (from nltk>=3.9.1->skillscan-security[ml]) (2026.4.4)
Requirement already satisfied: tqdm in /opt/homebrew/lib/python3.11/site-packages (from nltk>=3.9.1->skillscan-security[ml]) (4.67.0)
Requirement already satisfied: numpy>=1.17 in /opt/homebrew/lib/python3.11/site-packages (from peft>=0.9.0->skillscan-security[ml]) (1.26.4)
Requirement already satisfied: packaging>=20.0 in /opt/homebrew/lib/python3.11/site-packages (from peft>=0.9.0->skillscan-security[ml]) (24.2)
Requirement already satisfied: psutil in /opt/homebrew/lib/python3.11/site-packages (from peft>=0.9.0->skillscan-security[ml]) (6.1.0)
Requirement already satisfied: accelerate>=0.21.0 in /opt/homebrew/lib/python3.11/site-packages (from peft>=0.9.0->skillscan-security[ml]) (1.1.1)
Requirement already satisfied: safetensors in /opt/homebrew/lib/python3.11/site-packages (from peft>=0.9.0->skillscan-security[ml]) (0.4.5)
Requirement already satisfied: huggingface-hub>=0.25.0 in /opt/homebrew/lib/python3.11/site-packages (from peft>=0.9.0->skillscan-security[ml]) (1.10.1)
Requirement already satisfied: annotated-types>=0.6.0 in /opt/homebrew/lib/python3.11/site-packages (from pydantic>=2.7.1->skillscan-security[ml]) (0.7.0)
Requirement already satisfied: pydantic-core==2.23.4 in /opt/homebrew/lib/python3.11/site-packages (from pydantic>=2.7.1->skillscan-security[ml]) (2.23.4)
Requirement already satisfied: typing-extensions>=4.6.1 in /opt/homebrew/lib/python3.11/site-packages (from pydantic>=2.7.1->skillscan-security[ml]) (4.15.0)
Requirement already satisfied: markdown-it-py>=2.2.0 in /opt/homebrew/lib/python3.11/site-packages (from rich>=13.7.1->skillscan-security[ml]) (3.0.0)
Requirement already satisfied: pygments<3.0.0,>=2.13.0 in /opt/homebrew/lib/python3.11/site-packages (from rich>=13.7.1->skillscan-security[ml]) (2.18.0)
Requirement already satisfied: filelock in /opt/homebrew/lib/python3.11/site-packages (from torch>=2.2.0->skillscan-security[ml]) (3.25.2)
Requirement already satisfied: networkx in /opt/homebrew/lib/python3.11/site-packages (from torch>=2.2.0->skillscan-security[ml]) (3.4.2)
Requirement already satisfied: jinja2 in /opt/homebrew/lib/python3.11/site-packages (from torch>=2.2.0->skillscan-security[ml]) (3.1.4)
Requirement already satisfied: fsspec in /opt/homebrew/lib/python3.11/site-packages (from torch>=2.2.0->skillscan-security[ml]) (2024.9.0)
Requirement already satisfied: sympy==1.13.1 in /opt/homebrew/lib/python3.11/site-packages (from torch>=2.2.0->skillscan-security[ml]) (1.13.1)
Requirement already satisfied: mpmath<1.4,>=1.1.0 in /opt/homebrew/lib/python3.11/site-packages (from sympy==1.13.1->torch>=2.2.0->skillscan-security[ml]) (1.3.0)
Requirement already satisfied: tokenizers<=0.23.0,>=0.22.0 in /opt/homebrew/lib/python3.11/site-packages (from transformers>=4.40.0->skillscan-security[ml]) (0.22.2)
Requirement already satisfied: shellingham>=1.3.0 in /opt/homebrew/lib/python3.11/site-packages (from typer>=0.12.3->skillscan-security[ml]) (1.5.4)
Requirement already satisfied: hf-xet<2.0.0,>=1.4.3 in /opt/homebrew/lib/python3.11/site-packages (from huggingface-hub>=0.25.0->peft>=0.9.0->skillscan-security[ml]) (1.4.3)
Requirement already satisfied: httpx<1,>=0.23.0 in /opt/homebrew/lib/python3.11/site-packages (from huggingface-hub>=0.25.0->peft>=0.9.0->skillscan-security[ml]) (0.27.2)
Requirement already satisfied: mdurl~=0.1 in /opt/homebrew/lib/python3.11/site-packages (from markdown-it-py>=2.2.0->rich>=13.7.1->skillscan-security[ml]) (0.1.2)
Requirement already satisfied: MarkupSafe>=2.0 in /opt/homebrew/lib/python3.11/site-packages (from jinja2->torch>=2.2.0->skillscan-security[ml]) (2.0.1)
Requirement already satisfied: anyio in /opt/homebrew/lib/python3.11/site-packages (from httpx<1,>=0.23.0->huggingface-hub>=0.25.0->peft>=0.9.0->skillscan-security[ml]) (4.6.2.post1)
Requirement already satisfied: certifi in /opt/homebrew/lib/python3.11/site-packages (from httpx<1,>=0.23.0->huggingface-hub>=0.25.0->peft>=0.9.0->skillscan-security[ml]) (2024.8.30)
Requirement already satisfied: httpcore==1.* in /opt/homebrew/lib/python3.11/site-packages (from httpx<1,>=0.23.0->huggingface-hub>=0.25.0->peft>=0.9.0->skillscan-security[ml]) (1.0.7)
Requirement already satisfied: idna in /opt/homebrew/lib/python3.11/site-packages (from httpx<1,>=0.23.0->huggingface-hub>=0.25.0->peft>=0.9.0->skillscan-security[ml]) (3.10)
Requirement already satisfied: sniffio in /opt/homebrew/lib/python3.11/site-packages (from httpx<1,>=0.23.0->huggingface-hub>=0.25.0->peft>=0.9.0->skillscan-security[ml]) (1.3.1)
Requirement already satisfied: h11<0.15,>=0.13 in /opt/homebrew/lib/python3.11/site-packages (from httpcore==1.*->httpx<1,>=0.23.0->huggingface-hub>=0.25.0->peft>=0.9.0->skillscan-security[ml]) (0.14.0)
intel refresh updated=9 skipped=0 errors=0
Scan failed: Target does not exist: path/to/skill