{"id":13684145,"url":"https://github.com/trailofbits/fickling","last_synced_at":"2026-03-04T01:31:37.975Z","repository":{"id":37087238,"uuid":"331706754","full_name":"trailofbits/fickling","owner":"trailofbits","description":"A Python pickling decompiler and static analyzer","archived":false,"fork":false,"pushed_at":"2025-09-15T13:39:31.000Z","size":574,"stargazers_count":560,"open_issues_count":17,"forks_count":61,"subscribers_count":33,"default_branch":"master","last_synced_at":"2025-09-27T23:15:51.933Z","etag":null,"topics":["machine-learning","python","security"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"lgpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/trailofbits.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2021-01-21T17:44:51.000Z","updated_at":"2025-09-23T15:02:52.000Z","dependencies_parsed_at":"2025-05-17T04:03:53.755Z","dependency_job_id":"cc9978e9-202e-470b-a58c-c8731328a6e6","html_url":"https://github.com/trailofbits/fickling","commit_stats":{"total_commits":117,"total_committers":9,"mean_commits":13.0,"dds":0.3846153846153846,"last_synced_commit":"648c5b2e0d0b1f13fec18052e2732a0236eea932"},"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"purl":"pkg:github/trailofbits/fickling","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Ffickling","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2F
fickling/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Ffickling/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Ffickling/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/trailofbits","download_url":"https://codeload.github.com/trailofbits/fickling/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Ffickling/sbom","scorecard":{"id":614780,"data":{"date":"2025-08-11","repo":{"name":"github.com/trailofbits/fickling","commit":"db0b96088b48546bc00437c8283d5410c0e59089"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":6.1,"checks":[{"name":"Code-Review","score":4,"reason":"Found 5/12 approved changesets -- score normalized to 4","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/claude.yml:22","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/claude.yml:23","Info: jobLevel 'issues' permission set to 'read': .github/workflows/claude.yml:24","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:34","Warn: no topLevel permission defined: .github/workflows/claude.yml:1","Warn: no topLevel permission defined: .github/workflows/lint.yml:1","Warn: no topLevel permission defined: .github/workflows/pip-audit.yml:1","Warn: no topLevel permission defined: .github/workflows/release.yml:1","Warn: no topLevel permission defined: 
.github/workflows/tests.yml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":10,"reason":"11 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":1,"reason":"dependency not pinned by hash detected -- score normalized to 1","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/claude.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/trailofbits/fickling/claude.yml/master?enable=pin","Warn: third-party GitHubAction not 
pinned by hash: .github/workflows/claude.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/trailofbits/fickling/claude.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/trailofbits/fickling/lint.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/trailofbits/fickling/lint.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pip-audit.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/trailofbits/fickling/pip-audit.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pip-audit.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/trailofbits/fickling/pip-audit.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pip-audit.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/trailofbits/fickling/pip-audit.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/trailofbits/fickling/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/trailofbits/fickling/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/trailofbits/fickling/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:39: update your workflow using 
https://app.stepsecurity.io/secureworkflow/trailofbits/fickling/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/trailofbits/fickling/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/trailofbits/fickling/tests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/trailofbits/fickling/tests.yml/master?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/pip-audit.yml:29","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of   6 third-party GitHubAction dependencies pinned","Info:   0 out of   1 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU Lesser General Public License v3.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: 
Project packages its releases by way of GitHub Actions.: .github/workflows/release.yml:29"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":8,"reason":"2 out of the last 2 releases have a total of 2 signed artifacts.","details":["Info: signed release artifact: fickling-0.1.3-py3-none-any.whl.sigstore: https://github.com/trailofbits/fickling/releases/tag/v0.1.3","Info: signed release artifact: fickling-0.1.2-py3-none-any.whl.sigstore: https://github.com/trailofbits/fickling/releases/tag/v0.1.2","Warn: release artifact v0.1.3 does not have provenance: https://api.github.com/repos/trailofbits/fickling/releases/148548900","Warn: release artifact v0.1.2 does not have provenance: https://api.github.com/repos/trailofbits/fickling/releases/138949115"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/trailofbits/.github/SECURITY.md:1","Info: Found linked content: github.com/trailofbits/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: 
github.com/trailofbits/.github/SECURITY.md:1","Info: Found text in security policy: github.com/trailofbits/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":0,"reason":"12 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: PYSEC-2025-18 / PYSEC-2025-19 / GHSA-655q-fx9r-782v / GHSA-769v-p64c-89pr","Warn: Project is vulnerable to: PYSEC-2025-20 / GHSA-7q5r-7gvp-wc82","Warn: Project is vulnerable to: PYSEC-2025-34 / GHSA-93mv-x874-956g","Warn: Project is vulnerable to: GHSA-9gvj-pp9x-gcfr","Warn: Project is vulnerable to: GHSA-fj43-3qmq-673f","Warn: Project is vulnerable to: GHSA-v7x6-rv5q-mhwc","Warn: Project is vulnerable to: PYSEC-2025-21 / GHSA-w8jq-xcqf-f792","Warn: Project is vulnerable to: GHSA-9hjg-9r4m-mvj7","Warn: Project is vulnerable to: GHSA-3749-ghw9-m3mg","Warn: Project is vulnerable to: PYSEC-2025-41 / GHSA-53q9-r3pm-6pq6","Warn: Project is vulnerable to: GHSA-887c-mr87-cxwp","Warn: Project is vulnerable to: PYSEC-2024-259"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":9,"reason":"SAST tool is not run on all commits -- score normalized to 9","details":["Warn: 27 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code 
analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-21T03:36:37.826Z","repository_id":37087238,"created_at":"2025-08-21T03:36:37.826Z","updated_at":"2025-08-21T03:36:37.826Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278486267,"owners_count":25994941,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-05T02:00:06.059Z","response_time":54,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["machine-learning","python","security"],"created_at":"2024-08-02T14:00:27.065Z","updated_at":"2025-10-05T16:45:43.267Z","avatar_url":"https://github.com/trailofbits.png","language":"Python","readme":"# Fickling\n\n![Fickling image](./fickling_image.png)\n\nFickling is a decompiler, static analyzer, and bytecode rewriter for Python\n[pickle](https://docs.python.org/3/library/pickle.html) object serializations.\nYou can use fickling to detect, analyze, reverse engineer, or even create\nmalicious pickle or pickle-based files, including PyTorch files.\n\nFickling can be used both as a **python library** and a **CLI**.\n\n* [Installation](#installation)\n* [Securing AI/ML environments](#securing-aiml-environments)\n* [Generic malicious file detection](#generic-malicious-file-detection)\n* [Advanced usage](#advanced-usage)\n  * [Trace pickle execution](#trace-pickle-execution)\n  * 
[Pickle code injection](#pickle-code-injection)\n  * [Pickle decompilation](#pickle-decompilation)\n  * [PyTorch polyglots](#pytorch-polyglots)\n* [More information](#more-information)\n* [Contact](#contact)\n\n## Installation\n\nFickling has been tested on Python 3.9 through Python 3.13 and has very few dependencies.\nBoth the library and command line utility can be installed through pip or uv:\n\n```bash\n# Using pip\npython -m pip install fickling\n\n# Using uv\nuv pip install fickling\n```\n\nPyTorch is an optional dependency of Fickling. Therefore, in order to use Fickling's `pytorch`\nand `polyglot` modules, you should run:\n\n```bash\n# Using pip\npython -m pip install fickling[torch]\n\n# Using uv\nuv pip install fickling[torch]\n```\n\n## Securing AI/ML environments\n\nFickling can help secure AI/ML codebases by automatically scanning pickle files contained in\nmodels. Fickling hooks the pickle module and verifies imports made when loading a model. It\nchecks the imports against an allowlist of imports from ML libraries that are considered safe, and blocks files that contain any other import.\n\nTo enable Fickling security checks, run the following lines once in your process, before loading any AI/ML models:\n\n```python\nimport fickling\n# This sets global hooks on pickle\nfickling.hook.activate_safe_ml_environment()\n```\n\nTo remove the protection:\n\n```python\nfickling.hook.deactivate_safe_ml_environment()\n```\n\nIt is possible that the models you are using contain imports that aren't allowed by Fickling. If you still want to load the model, you can simply allow additional imports for your specific use-case with the `also_allow` argument:\n\n```python\nfickling.hook.activate_safe_ml_environment(also_allow=[\n    \"some.import\",\n    \"another.allowed.import\",\n])\n```\n\n**Important**: You should always make sure that manually added imports are actually safe and cannot enable attackers to execute arbitrary code. 
If you are unsure how to do that, you can open an issue on Fickling's GitHub repository that indicates the imports/models in question, and our team can review them and include them in the allow list if possible.\n\n## Generic malicious file detection\n\nFickling can seamlessly be integrated into your codebase to detect and halt the loading of malicious\nfiles at runtime.\n\nBelow we show the different ways you can use fickling to enforce safety checks on pickle files.\nUnder the hood, it hooks the `pickle` library to add safety checks so that loading a pickle file\nraises an `UnsafeFileError` exception if malicious content is detected in the file.\n\n#### Option 1 (recommended): check safety of all pickle files loaded\n\n```python\nimport pickle\nimport fickling\n\n# This enforces safety checks every time pickle.load() is used\nfickling.always_check_safety()\n\n# Attempting to load an unsafe file now raises an exception\nwith open(\"file.pkl\", \"rb\") as f:\n    try:\n        pickle.load(f)\n    except fickling.UnsafeFileError:\n        print(\"Unsafe file!\")\n```\n\n#### Option 2: use a context manager\n\n```python\nimport pickle\nimport fickling\n\nwith fickling.check_safety():\n    # All pickle files loaded within the context manager are checked for safety\n    try:\n        with open(\"file.pkl\", \"rb\") as f:\n            pickle.load(f)\n    except fickling.UnsafeFileError:\n        print(\"Unsafe file!\")\n\n# Files loaded outside of the context manager are NOT checked\nwith open(\"file.pkl\", \"rb\") as f:\n    pickle.load(f)\n```\n\n#### Option 3: check and load a single file\n\n```python\nimport fickling\n\n# Use fickling.load() in place of pickle.load() to check safety and load a single pickle file\ntry:\n    fickling.load(\"file.pkl\")\nexcept fickling.UnsafeFileError as e:\n    print(\"Unsafe file!\")\n```\n\n#### Option 4: only check pickle file safety without loading\n\n```python\nimport fickling\n\n# Perform a safety check on a pickle file without loading it\nif not fickling.is_likely_safe(\"file.pkl\"):\n    print(\"Unsafe file!\")\n```\n\n#### Accessing the safety analysis 
results\n\nYou can access the details of fickling's safety analysis from within the raised exception:\n\n```python\n\n\u003e\u003e\u003e try:\n...     fickling.load(\"unsafe.pkl\")\n... except fickling.UnsafeFileError as e:\n...     print(e.info)\n\n{\n    \"severity\": \"OVERTLY_MALICIOUS\",\n    \"analysis\": \"Call to `eval(b'[5, 6, 7, 8]')` is almost certainly evidence of a malicious pickle file. Variable `_var0` is assigned value `eval(b'[5, 6, 7, 8]')` but unused afterward; this is suspicious and indicative of a malicious pickle file\",\n    \"detailed_results\": {\n        \"AnalysisResult\": {\n            \"OvertlyBadEval\": \"eval(b'[5, 6, 7, 8]')\",\n            \"UnusedVariables\": [\n                \"_var0\",\n                \"eval(b'[5, 6, 7, 8]')\"\n            ]\n        }\n    }\n}\n```\n\nIf you are using a language other than Python, you can still use fickling's `CLI` to\nsafety-check pickle files:\n\n```console\nfickling --check-safety -p pickled.data\n```\n\n## Advanced usage\n\n### Trace pickle execution\n\nFickling's `CLI` lets you safely trace the execution of the Pickle virtual machine without\nexercising any malicious code:\n\n```console\nfickling --trace file.pkl\n```\n\n### Pickle code injection\n\nFickling lets you inject arbitrary code into a pickle file; the injected code runs every time the file is loaded:\n\n```console\nfickling --inject \"print('Malicious')\" file.pkl \u003e malicious.pkl\n```\n\n### Pickle decompilation\n\nFickling can be used to decompile a pickle file for further analysis:\n\n```python\n\u003e\u003e\u003e import ast, pickle\n\u003e\u003e\u003e from fickling.fickle import Pickled\n\u003e\u003e\u003e fickled_object = Pickled.load(pickle.dumps([1, 2, 3, 4]))\n\u003e\u003e\u003e print(ast.dump(fickled_object.ast, indent=4))\nModule(\n    body=[\n        Assign(\n            targets=[\n                Name(id='result', ctx=Store())],\n            value=List(\n                elts=[\n                    Constant(value=1),\n     
               Constant(value=2),\n                    Constant(value=3),\n                    Constant(value=4)],\n                ctx=Load()))],\n    type_ignores=[])\n```\n\n### PyTorch polyglots\n\nPyTorch contains multiple file formats with which one can make polyglot files, which\nare files that can be validly interpreted as more than one file format.\nFickling supports identifying, inspecting, and creating polyglots with the\nfollowing PyTorch file formats:\n\n* **PyTorch v0.1.1**: Tar file with sys_info, pickle, storages, and tensors\n* **PyTorch v0.1.10**: Stacked pickle files\n* **TorchScript v1.0**: ZIP file with model.json\n* **TorchScript v1.1**: ZIP file with model.json and attributes.pkl\n* **TorchScript v1.3**: ZIP file with data.pkl and constants.pkl\n* **TorchScript v1.4**: ZIP file with data.pkl, constants.pkl, and version set at 2 or higher (2 pickle files and a folder)\n* **PyTorch v1.3**: ZIP file containing data.pkl (1 pickle file)\n* **PyTorch model archive format[ZIP]**: ZIP file that includes Python code files and pickle files\n\n```python\n\u003e\u003e import torch\n\u003e\u003e import torchvision.models as models\n\u003e\u003e from fickling.pytorch import PyTorchModelWrapper\n\u003e\u003e model = models.mobilenet_v2()\n\u003e\u003e torch.save(model, \"mobilenet.pth\")\n\u003e\u003e fickled_model = PyTorchModelWrapper(\"mobilenet.pth\")\n\u003e\u003e print(fickled_model.formats)\nYour file is most likely of this format:  PyTorch v1.3\n['PyTorch v1.3']\n```\n\nCheck out [our examples](https://github.com/trailofbits/fickling/tree/master/example)\nto learn more about using fickling!\n\n## More information\n\nPickled Python objects are in fact bytecode that is interpreted by a stack-based\nvirtual machine built into Python called the \"Pickle Machine\". Fickling can take\npickled data streams and decompile them into human-readable Python code that,\nwhen executed, will deserialize to the original serialized object. 
This is made\npossible by Fickling’s custom implementation of the PM. Fickling is safe to run\non potentially malicious files because its PM symbolically executes code rather\nthan overtly executing it.\n\nThe authors do not prescribe any meaning to the “F” in Fickling; it could stand\nfor “fickle,” … or something else. Divining its meaning is a personal journey\nin discretion and is left as an exercise to the reader.\n\nLearn more about fickling in our\n[blog post](https://blog.trailofbits.com/2021/03/15/never-a-dill-moment-exploiting-machine-learning-pickle-files/)\nand [DEF CON AI Village 2021 talk](https://www.youtube.com/watch?v=bZ0m_H_dEJI).\n\n## Contact\n\nIf you'd like to file a bug report or feature request, please use our\n[issues](https://github.com/trailofbits/fickling/issues) page.\nFeel free to contact us or reach out in\n[Empire Hacking](https://slack.empirehacking.nyc/) for help using or extending fickling.\n\n## License\n\nThis utility was developed by [Trail of Bits](https://www.trailofbits.com/).\nIt is licensed under the [GNU Lesser General Public License v3.0](LICENSE).\n[Contact us](mailto:opensource@trailofbits.com) if you're looking for an\nexception to the terms.\n\n© 2021, Trail of Bits.\n","funding_links":[],"categories":["Security tools and techniques","[↑](#table-of-contents)Tools \u003ca name=\"tools\"\u003e\u003c/a\u003e","Detection and Scanning Tools","Defense \u0026 Security Controls"],"sub_categories":["Model backdoors","Model Artifact Scanners","Open Source Tools","Model \u0026 Artifact Scanning"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrailofbits%2Ffickling","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftrailofbits%2Ffickling","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrailofbits%2Ffickling/lists"}