{"id":24236,"library":"picklescan","title":"PickleScan","description":"A security scanner that detects malicious Pickle files by analyzing the bytecode for suspicious operations like arbitrary code execution, file I/O, and import of dangerous modules. Version 1.0.4, released monthly.","status":"active","version":"1.0.4","language":"python","source_language":"en","source_url":"https://github.com/mmaitre314/picklescan","tags":["security","pickle","scanner","malware-detection"],"install":[{"cmd":"pip install picklescan","lang":"bash","label":"Standard install"}],"dependencies":[],"imports":[{"note":"","wrong":"","symbol":"scan_pickle_file","correct":"from picklescan.scanner import scan_pickle_file"},{"note":"","wrong":"","symbol":"scan_pytorch_file","correct":"from picklescan.scanner import scan_pytorch_file"}],"quickstart":{"code":"from picklescan.scanner import scan_pickle_file\n\nresult = scan_pickle_file(\"model.pkl\")\nif result.issues:\n    print(\"Dangerous pickle detected!\")\nelse:\n    print(\"File appears safe\")","lang":"python","description":"Scan a pickle file for malicious opcodes. A clean result only means that no known-dangerous pattern was found; it does not prove the file is safe to load."},"warnings":[{"fix":"Always verify the source of pickle files and use sandboxing if possible.","message":"PickleScan is a detection tool, not a prevention tool. It can be bypassed by sophisticated attackers. Do not rely on it as the sole security measure.","severity":"breaking","affected_versions":"all"},{"fix":"Use the documented CLI or the official `scan_pickle_file` / `scan_pytorch_file` functions.","message":"Importing `picklescan.scanner` directly may cause confusion; the module is not publicly documented as stable API. Changes in internal module structure can break imports.","severity":"deprecated","affected_versions":">=0.0.31"},{"fix":"Update to the latest version regularly and combine with other security measures.","message":"The scanner may produce false negatives for obfuscated payloads. Some bypasses have been patched but new ones may exist.","severity":"gotcha","affected_versions":"all"}],"env_vars":null,"last_verified":"2026-05-01T00:00:00.000Z","next_check":"2026-07-30T00:00:00.000Z","problems":[{"fix":"Run `pip install picklescan`.","cause":"Library not installed.","error":"ModuleNotFoundError: No module named 'picklescan'"},{"fix":"Upgrade to the latest version: `pip install --upgrade picklescan`.","cause":"Old version of picklescan does not have the public function (added in v0.0.35).","error":"ImportError: cannot import name 'scan_pickle_file' from 'picklescan'"},{"fix":"Use the command line: `picklescan --help` or run as module: `python -m picklescan`.","cause":"Attempting to run CLI via Python script incorrectly.","error":"AttributeError: module 'picklescan' has no attribute 'main'"}],"ecosystem":"pypi","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}