# Quick Start

To start scanning model files, install the palisade package and run a scan:

```bash
pip install palisade
```

Run your first scan:

```bash
# Scan a single file
palisade scan model.safetensors

# Scan a directory recursively
palisade scan ./huggingface_cache --recursive
```

### See It In Action

#### The "Clean" Scan

Palisade validates metadata, tensors, and genealogy in seconds.

```bash
$ palisade scan test_models/performance/tiny/model.safetensors
✓ Using built-in default policy
 Scanning: test_models/performance/tiny/model.safetensors
   Size: 2098.20 MB
   Policy: Default security policy

2025-12-08 11:25:47,537 - INFO - Pattern compilation success rate: 100.0% (66/66)
Using streaming validation ...
🔍 Running security validators...
✅ Metadata - Clean (0.28s)
✅ ModelGenealogy - Clean (0.24s)
✅ Provenance - Clean (0.25s)
✅ BufferOverflow - Clean (13.34s)
✅ Tokenizer - Clean (0.00s)
✅ DecompressionBomb - Clean (0.00s)
✅ Model - Clean (16.73s)
✅ SupplyChain - Clean (16.55s)
✅ Behavior - Clean (8.75s)
✅ ToolCall - Clean (14.86s)
✅ Backdoor - Clean (10.40s)
✅ LoRAAdapter - Clean (1.09s)
✅ Safetensors - Clean (16.25s)
📊 Validation complete - No issues found (62.5 MB/s)
2025-12-08 11:26:21,110 - INFO - Applying policy evaluation (environment: default)
2025-12-08 11:26:21,110 - INFO - Policy evaluation complete - Overall effect: allow

╭──────────────────────────── 📄 Palisade Security Scan ─────────────────────────╮
│ model.safetensors                                                              │
│ test_models/performance/tiny/model.safetensors                                 │
╰────────────────────────────────────────────────────────────────────────────────╯

✅ CLEAN: model.safetensors

 Scan Time             33.58s  
 Validators            13      
 Memory Used           35.1 MB 
 Warnings              0       

✅ No security threats detected

╭───────────────────────────── 🛡️ Policy Decision ────────────────────────────────╮
│ ✅ ALLOWED                                                                      │
│                                                                                 │
│ Environment: default                                                            │
│ Model passed policy checks.                                                     │
╰─────────────────────────────────────────────────────────────────────────────────╯

✅ Model passed all security checks

```

#### The Malicious Scan (Blocked)

```bash
$ palisade scan examples/models/gemma-3-270m/model_metadata_injection.safetensors 
✓ Using built-in default policy
 Scanning: examples/models/gemma-3-270m/model_metadata_injection.safetensors
   Size: 511.38 MB
   Policy: Default security policy

2025-12-08 11:37:36,052 - INFO - Pattern compilation success rate: 100.0% (66/66)
Using streaming validation ...
🔍 Running security validators...
✅ Metadata - Clean (0.24s)
✅ ModelGenealogy - Clean (0.13s)
✅ Provenance - Clean (0.07s)
✅ BufferOverflow - Clean (2.28s)
✅ Tokenizer - Clean (0.00s)
✅ DecompressionBomb - Clean (0.00s)
✅ Model - Clean (2.51s)
✅ SupplyChain - 1 warnings found (2.47s)
✅ Safetensors - 1 warnings found (0.00s)
2025-12-08 11:37:38,966 - INFO - Suspicious patterns detected in model header (score: 0.300)
2025-12-08 11:37:38,977 - INFO -   Found 5 textual pattern matches in chunk 0
2025-12-08 11:37:38,977 - INFO -     Match 0: code_injection - eval\s*\( -> 'eval('
2025-12-08 11:37:38,977 - INFO -     Match 1: code_injection - os\.system -> 'os.system'
2025-12-08 11:37:38,977 - INFO -     Match 2: code_injection - system\s*\( -> 'system('
✅ Behavior - 1 warnings found (1.79s)
✅ Backdoor - 2 warnings found (1.46s)
✅ LoRAAdapter - Clean (0.35s)
✅ ToolCall - 1 warnings found (2.05s)
📊 Validation complete - 6 warnings found (112.1 MB/s)
2025-12-08 11:37:40,616 - INFO - Applying policy evaluation (environment: default)
2025-12-08 11:37:40,618 - INFO - Policy evaluation complete - Overall effect: deny

╭──────────────────────────────────────── 📄 Palisade Security Scan ──────────────────────╮
│ model_metadata_injection.safetensors                                                    │
│ examples/models/gemma-3-270m/model_metadata_injection.safetensors                       │
╰─────────────────────────────────────────────────────────────────────────────────────────╯

🔍 SUSPICIOUS: model_metadata_injection.safetensors

 Scan Time             4.58s   
 Validators            13      
 Memory Used           38.8 MB 
 Warnings              6       

🔍 Security Analysis (6 warnings)

🔴 HIGH (2)
   1. supply_chain_malicious_functions
      Malicious functions detected: eval, os_system, system
   2. privilege_escalation_detected
      Privilege escalation patterns detected: enhanced_capabilities

🟡 MEDIUM (4)
   1. safetensors_streaming_header_error
      Failed to parse JSON header: EOF while parsing a string at line 1 column 26696
   2. backdoor_suspicious_header_patterns
      Suspicious patterns detected in model header (score: 0.300)
   3. backdoor_textual_patterns_in_chunk
      Suspicious textual patterns found in chunk at offset 0
   4. toolcall_suspicious_parameters
      Suspicious parameters: pipe_to_sh (1 matches in 511.4MB model)

╭───────────────────────────────── 🛡️ Policy Decision ────────────────────────────────────────╮
│ ⛔ BLOCKED BY POLICY                                                                        │
│                                                                                             │
│ Environment: default                                                                        │
│ This model violates security policy and cannot be used.                                     │
│ Review the warnings above to understand why.                                                │
╰─────────────────────────────────────────────────────────────────────────────────────────────╯

📋 Recommendations
   • ⛔ BLOCKED BY POLICY - Do not use this model
   • This model violates security policy requirements
   • Investigate the source and re-download from trusted source

```
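The findings above come from strings planted in the safetensors JSON header (the `eval(`, `os.system` and `system(` matches) plus a header that no longer parses. As an added illustration, not palisade's own code, the script below parses a safetensors header read-only (8-byte little-endian length prefix, then a JSON object whose `__metadata__` entries are free-form strings), reports a truncated or malformed header, and greps the metadata values for the same kind of patterns the scan printed. The pattern set, the function names and the sample files are all constructed here for the example; palisade's real pattern list is larger and its validators do far more than this.

```python
"""Read-only check of a safetensors header for metadata injection.

Added example, not part of palisade. Only the header is read and only
json.loads is applied to it; nothing from the file is ever executed, which
is what makes this safe to point at an untrusted model file.
"""
import json
import re
import struct
import sys
from typing import Dict, List

# Simplified stand-ins for the matches shown in the scan output above
# (assumed regexes; the real validators use a much larger set).
SUSPICIOUS_PATTERNS: Dict[str, "re.Pattern[str]"] = {
    "code_injection_eval": re.compile(r"eval\s*\("),
    "code_injection_os_system": re.compile(r"os\.system"),
    "code_injection_system": re.compile(r"system\s*\("),
    "pipe_to_sh": re.compile(r"\|\s*(sh|bash)\b"),  # assumed shape of a toolcall pattern
}

MAX_HEADER_BYTES = 100 * 1024 * 1024  # upper bound used by the safetensors reference reader


def read_header(blob: bytes) -> dict:
    """Parse the safetensors header; raise ValueError on a truncated or malformed one."""
    if len(blob) < 8:
        raise ValueError("file shorter than the 8-byte length prefix")
    (n,) = struct.unpack("<Q", blob[:8])          # header length, little-endian u64
    if n > MAX_HEADER_BYTES:
        raise ValueError(f"declared header length {n} exceeds limit")
    if len(blob) < 8 + n:
        raise ValueError(f"header truncated: declared {n} bytes, have {len(blob) - 8}")
    try:
        header = json.loads(blob[8:8 + n].decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        # This is the condition the scan reported as safetensors_streaming_header_error.
        raise ValueError(f"failed to parse JSON header: {exc}") from exc
    if not isinstance(header, dict):
        raise ValueError("header is not a JSON object")
    return header


def scan_metadata(header: dict) -> List[str]:
    """Return 'pattern_name: metadata_key' findings over __metadata__ string values."""
    findings: List[str] = []
    meta = header.get("__metadata__", {})
    if not isinstance(meta, dict):
        return ["__metadata__ is not an object"]
    for key, value in meta.items():
        if not isinstance(value, str):
            findings.append(f"non_string_metadata_value: {key}")
            continue
        for name, pat in SUSPICIOUS_PATTERNS.items():
            if pat.search(value):
                findings.append(f"{name}: {key}")
    return findings


def check(blob: bytes) -> List[str]:
    """Header parse + metadata scan; a header error is itself a finding."""
    try:
        header = read_header(blob)
    except ValueError as exc:
        return [f"safetensors_header_error: {exc}"]
    return scan_metadata(header)


def check_file(path: str) -> List[str]:
    """Read only the length prefix and the header from disk, then check them."""
    with open(path, "rb") as fh:
        prefix = fh.read(8)
        if len(prefix) < 8:
            return check(prefix)
        (n,) = struct.unpack("<Q", prefix)
        return check(prefix + fh.read(min(n, MAX_HEADER_BYTES + 1)))


def build_safetensors(header: dict, payload: bytes = b"") -> bytes:
    """Serialise a header plus tensor bytes (used only to construct samples)."""
    body = json.dumps(header).encode("utf-8")
    return struct.pack("<Q", len(body)) + body + payload


# Constructed samples: a clean file, one with injected metadata, one cut short,
# and one whose declared header length is consistent but whose JSON is broken.
TENSORS = {"w": {"dtype": "F32", "shape": [2], "data_offsets": [0, 8]}}
CLEAN = build_safetensors({"__metadata__": {"format": "pt"}, **TENSORS}, b"\x00" * 8)
INJECTED = build_safetensors(
    {"__metadata__": {"format": "pt", "note": "eval(os.system('echo hi'))"}, **TENSORS},
    b"\x00" * 8,
)
TRUNCATED = INJECTED[:-20]
_cut = json.dumps({"__metadata__": {"format": "pt", "note": "abc"}}).encode("utf-8")[:-3]
MALFORMED = struct.pack("<Q", len(_cut)) + _cut

if __name__ == "__main__":
    for path in sys.argv[1:]:
        print(path, check_file(path) or "clean")
```

The one metadata value in `INJECTED` trips all three code-injection patterns, just as the scan above reported `eval(`, `os.system` and `system(` from the same header chunk; `MALFORMED` reproduces the "EOF while parsing a string" class of failure, which this check treats as a finding rather than silently skipping the file.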
