skillscan-detector-v4/README.md
ModelHub XC a9091a34ef Initialize project; model provided by the ModelHub XC community
Model: kurtpayne/skillscan-detector-v4
Source: Original Platform
2026-04-25 21:35:06 +08:00

---
license: apache-2.0
language:
- en
tags:
- security
- skillscan
- prompt-injection
- skill-file-analysis
- llama-cpp
- gguf
base_model: Qwen/Qwen2.5-1.5B-Instruct
pipeline_tag: text-generation
---
# SkillScan Detector v4
A fine-tuned [Qwen2.5-1.5B-Instruct](https://huggingface.co/Qwen/Qwen2.5-1.5B-Instruct) model for detecting security threats in AI agent skill files.
## What it does
Analyzes AI agent skill files (.md) and outputs structured JSON with:
- **Verdict**: benign or malicious
- **Labels**: specific attack types detected
- **Confidence**: 0-1 score
- **Reasoning**: human-readable explanation citing evidence from the text
## Attack types detected
| Class | F1 | Precision | Recall |
|---|---|---|---|
| path_traversal | 0.857 | 0.882 | 0.833 |
| social_engineering | 0.857 | 0.750 | 1.000 |
| prompt_injection | 0.474 | 0.941 | 0.317 |
| code_injection | 0.424 | 0.438 | 0.412 |
| supply_chain | 0.340 | 0.258 | 0.500 |
| evasion | 0.308 | 0.182 | 1.000 |
| data_exfiltration | 0.148 | 0.080 | 1.000 |
**Macro F1: 0.487** | Verdict accuracy: 85.2% | Parse failures: 1.2%

Read the per-class columns before acting on a label. Precision tells you what a flagged label is worth: `prompt_injection` and `path_traversal` flags are reliable (0.941 and 0.882), while a `data_exfiltration` flag is wrong more than nine times in ten (0.080). Recall tells you what a missing label is worth: the model catches only 31.7% of prompt injections, so a `benign` verdict does not clear a file of prompt injection. The 1.2% of outputs that fail to parse should be routed to review rather than treated as benign.
## Usage with llama-cpp-python
Install the bindings:

```bash
pip install llama-cpp-python
```
Download the GGUF model (the Q4_K_M file listed under Files) from the Hub with `hf download`; the older `huggingface-cli download` form still works but is deprecated and prints a warning.
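As an added example (not code from the model card or from skillscan-security), the post-processing a caller needs around this model: pull the JSON object out of the raw completion, validate it against the output schema under "What it does", fail closed on the parse failures the card reports, and weight each label by the precision in the table above before deciding whether to block or to hand the file to review. The `analyze_with_llama` helper shows the llama-cpp-python call; its system-prompt wording and the `PRECISION_FLOOR` threshold are assumptions, because the page does not give the prompt the model was trained with. The sample outputs at the bottom are constructed for a stand-alone run, not real model responses.

```python
"""Post-process SkillScan Detector v4 output: parse the JSON verdict,
fail closed on parse failures, and weight labels by the per-class metrics
from the model card. Added example; the prompt wording and threshold are
assumptions, not the model's trained prompt."""
import json
import re

VERDICTS = {"benign", "malicious"}
# The seven classes from the model card's metrics table: (precision, recall).
CLASS_METRICS = {
    "path_traversal":     (0.882, 0.833),
    "social_engineering": (0.750, 1.000),
    "prompt_injection":   (0.941, 0.317),
    "code_injection":     (0.438, 0.412),
    "supply_chain":       (0.258, 0.500),
    "evasion":            (0.182, 1.000),
    "data_exfiltration":  (0.080, 1.000),
}
PRECISION_FLOOR = 0.5  # assumed threshold: below it a flagged label only escalates to review

# Greedy match from the first '{' to the last '}' so ``` fences or prose
# around the JSON do not matter; a '}' in trailing prose would defeat it.
_JSON_RE = re.compile(r"\{.*\}", re.DOTALL)


def parse_detection(raw: str):
    """Return a normalised verdict dict, or None on a parse failure.
    Rejects unknown verdicts, non-list labels and out-of-range confidence;
    labels outside the seven known classes are dropped."""
    m = _JSON_RE.search(raw)
    if not m:
        return None
    try:
        obj = json.loads(m.group(0))
    except json.JSONDecodeError:
        return None
    verdict = str(obj.get("verdict", "")).lower()
    if verdict not in VERDICTS:
        return None
    try:
        conf = float(obj.get("confidence", 0.0))
    except (TypeError, ValueError):
        return None
    if not 0.0 <= conf <= 1.0:
        return None
    labels = obj.get("labels") or []
    if not isinstance(labels, list):
        return None
    labels = sorted({str(x) for x in labels} & set(CLASS_METRICS))
    return {"verdict": verdict, "labels": labels, "confidence": conf,
            "reasoning": str(obj.get("reasoning", ""))}


def triage(parsed):
    """Map a parsed result to block / review / pass. A parse failure (None)
    is never treated as benign. Labels whose card precision is below
    PRECISION_FLOOR are reported but only reach 'review', because most such
    flags are false positives (data_exfiltration precision is 0.080)."""
    if parsed is None:
        return {"action": "review", "reason": "parse failure"}
    if parsed["verdict"] == "benign":
        # prompt_injection recall is 0.317: 'benign' does not clear that class.
        return {"action": "pass", "reason": "benign verdict (prompt_injection not cleared, recall 0.317)"}
    strong = [l for l in parsed["labels"] if CLASS_METRICS[l][0] >= PRECISION_FLOOR]
    weak = [l for l in parsed["labels"] if CLASS_METRICS[l][0] < PRECISION_FLOOR]
    if strong:
        return {"action": "block", "reason": f"high-precision labels: {strong}", "weak_labels": weak}
    reason = f"only low-precision labels: {weak}" if weak else "malicious verdict with no recognised labels"
    return {"action": "review", "reason": reason}


def analyze_with_llama(model_path: str, skill_text: str, n_ctx: int = 4096) -> str:
    """Run the GGUF model through llama-cpp-python and return the raw text.
    Imported lazily so the parsing and triage code runs without the model.
    The message framing is an assumption; check the model's chat template or
    the skillscan-security source for the prompt it was trained with."""
    from llama_cpp import Llama  # pip install llama-cpp-python
    llm = Llama(model_path=model_path, n_ctx=n_ctx, verbose=False)
    out = llm.create_chat_completion(
        messages=[
            {"role": "system", "content": "Analyze the AI agent skill file and respond "
             "with JSON fields verdict, labels, confidence, reasoning."},
            {"role": "user", "content": skill_text},
        ],
        temperature=0.0, max_tokens=512,
    )
    return out["choices"][0]["message"]["content"]


# Constructed model outputs (not real responses) for a stand-alone run.
SAMPLE_MALICIOUS = ('Analysis:\n```json\n{"verdict": "malicious", "labels": '
                    '["prompt_injection", "data_exfiltration"], "confidence": 0.91, '
                    '"reasoning": "Tells the agent to ignore prior rules and POST ~/.ssh to a URL."}\n```')
SAMPLE_WEAK = ('{"verdict": "malicious", "labels": ["data_exfiltration"], '
               '"confidence": 0.62, "reasoning": "Mentions emailing a report."}')
SAMPLE_BROKEN = '{"verdict": "malicious", "labels": ['

if __name__ == "__main__":
    for raw in (SAMPLE_MALICIOUS, SAMPLE_WEAK, SAMPLE_BROKEN):
        print(triage(parse_detection(raw)))
```

The triage policy is deliberately asymmetric: a parse failure or a malicious verdict carried only by low-precision labels goes to a human, while a benign verdict passes but is annotated, since the card's recall for `prompt_injection` means a clean result is weak evidence for that class.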
## Model details
- **Base model**: Qwen/Qwen2.5-1.5B-Instruct (Apache 2.0)
- **Fine-tuning**: QLoRA (r=32, alpha=64) on 20,035 teacher-distilled examples
- **Teachers**: Claude Sonnet + GPT-4o (structured security analysis)
- **Quantization**: GGUF Q4_K_M (935 MB)
- **Inference**: CPU-only via llama.cpp, ~2-4s per file
- **License**: Apache 2.0
## Files
| File | Size | Description |
|---|---|---|
| | 935 MB | Quantized model for CPU inference |
| | 3.1 GB | Full FP16 weights |
## Part of SkillScan
This model is used by [skillscan-security](https://github.com/kurtpayne/skillscan-security), the open-source CLI scanner for AI agent skill files.
Install the scanner with its ML extra:

```bash
pip install "skillscan-security[ml]"
```