# Modelscan
It's not just the code we want to check, we also want to make sure our model doesn't have any vulnerabilities.  
These can come from finetuning on an already exposed model, or from using techniques that make your model especially easy to steal data from.  
Luckily, HuggingFace does some scanning, but they don't cover everything. You can read more about that [here](https://huggingface.co/docs/hub/en/security).

Here we will use Modelscan, which is a great library for checking that there is no hidden code inside the model, among other things.

First we install the package and silence some CUDA warnings.

In [None]:
!pip -q install modelscan[tensorflow]
%env TF_CPP_MIN_LOG_LEVEL=3

Let's download a totally safe model from a nice [github page](https://github.com/rhoai-mlops/happy_safe_model) we found! 🙌


In [None]:
!wget https://github.com/rhoai-mlops/happy-safe-model/raw/main/totally_safe_model.keras
!modelscan -p totally_safe_model.keras

As we can see from the output, the model was detected as potentially dangerous 😱  
It got a severity of Medium and description: `Use of unsafe operator 'Lambda' from module 'Keras'`.  
In this case, we sneaked in an additional layer in the model that can execute essentially any code we want.

Now let's scan our model to make sure that one is at least safe:

In [None]:
!modelscan -p ../2-dev_datascience/models/jukebox/1/model.keras

Phew... No issues found with this one 😅  
We can also scan our model artifacts. Pickle files are particularly dangerous, as they can package arbitrary code that runs as soon as the file is loaded:

In [None]:
!modelscan -p ../2-dev_datascience/models/jukebox/1/artifacts
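To see what the two findings above actually look for, here is an added example (not part of this notebook and not modelscan's own code) with two small defender-side checks: one lists the globals a pickle would import when loaded, the other walks a `.keras` archive's `config.json` for Lambda layers. The sample pickle and the stand-in `.keras` archive are constructed inline.

```python
# Added example, not from the workshop or from modelscan: two defender-side
# checks that mirror the scanner's Lambda and pickle findings above.
import collections, io, json, pickle, pickletools, zipfile

# Opcodes that push a string literal; STACK_GLOBAL consumes the last two.
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
              "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}

def pickle_globals(data: bytes) -> list:
    """Return the 'module.name' globals a pickle imports when loaded.
    Loading resolves and may call each one, so a pure data pickle gives []."""
    found, strings = [], []
    for op, arg, _ in pickletools.genops(data):
        if op.name in STRING_OPS:
            strings.append(arg)
        elif op.name in ("GLOBAL", "INST"):    # arg is "module name"
            found.append(".".join(arg.split()))
        elif op.name == "STACK_GLOBAL":        # module, then name, pushed before
            # memo references (BINGET) are not resolved in this small scanner
            name = strings.pop() if strings else "?"
            module = strings.pop() if strings else "?"
            found.append(f"{module}.{name}")
    return found

def lambda_layers(keras_archive: bytes) -> list:
    """Names of Lambda layers in a .keras (v3) zip, read from config.json."""
    with zipfile.ZipFile(io.BytesIO(keras_archive)) as zf:
        config = json.loads(zf.read("config.json"))
    hits = []
    def walk(node):  # recurse: Lambda layers may sit inside nested sub-models
        if isinstance(node, dict) and node.get("class_name") == "Lambda":
            hits.append(node.get("config", {}).get("name", "<unnamed>"))
        if isinstance(node, (dict, list)):
            for value in (node.values() if isinstance(node, dict) else node):
                walk(value)
    walk(config)
    return hits

def sample_pickles() -> dict:
    """Constructed inputs: plain data versus a pickle that imports a class."""
    return {"plain": pickle.dumps({"weights": [0.1, 0.2]}, protocol=4),
            "imports": pickle.dumps(collections.OrderedDict(), protocol=4)}

def sample_keras(with_lambda: bool) -> bytes:
    """Constructed stand-in for a .keras archive; only config.json is written."""
    layers = [{"class_name": "Dense", "config": {"name": "dense"}}]
    if with_lambda:
        layers.append({"class_name": "Lambda", "config": {"name": "sneaky"}})
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("config.json", json.dumps({"class_name": "Sequential", "config": {"layers": layers}}))
    return buf.getvalue()
```

A real artifact will list the framework's own classes too (e.g. numpy or sklearn types); the point is to review that list rather than to expect it to be empty.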

Now that we have scanned our models, we can feel more confident in putting them in production!