How it works

  1. Upload a file (GGUF/ONNX) or provide a Hugging Face repo/file path.
  2. We stream the upload, compute SHA256, and parse headers/graphs safely (no model execution).
  3. We correlate metadata with public CVE sources where applicable.
  4. We generate a clean HTML report plus a machine-readable .llmscan JSON.
  5. We provide next steps (e.g., update, isolate, validate, rebuild).
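Step 2, sketched as an added example (not the scanner's own code): the stream is hashed in fixed-size chunks while only the fixed 24-byte GGUF header (versions 2 and 3) is decoded, and the declared counts are bounds-checked before anything could allocate or loop on them. `scan_stream`, `MAX_COUNT`, the report keys and the sample byte strings are assumptions made for illustration.

```python
import hashlib
import io
import struct

GGUF_MAGIC = b"GGUF"
HEADER_LEN = 24        # magic(4) + version u32 + tensor_count u64 + metadata_kv_count u64
MAX_COUNT = 1_000_000  # assumed sanity cap, not a value from the page
CHUNK = 1 << 20        # 1 MiB reads, so a multi-GB model never sits in memory


def scan_stream(stream):
    """Hash the whole stream and decode the GGUF header; nothing in the file is executed."""
    sha, head, size = hashlib.sha256(), b"", 0
    while chunk := stream.read(CHUNK):
        sha.update(chunk)
        size += len(chunk)
        if len(head) < HEADER_LEN:
            head += chunk[:HEADER_LEN - len(head)]
    report = {"sha256": sha.hexdigest(), "size": size, "format": None, "errors": []}
    if len(head) < HEADER_LEN:
        report["errors"].append("truncated header")
        return report
    if head[:4] != GGUF_MAGIC:
        report["errors"].append("bad magic")
        return report
    version, tensors, kvs = struct.unpack_from("<IQQ", head, 4)  # little-endian, unpadded
    report.update(format="gguf", version=version, tensor_count=tensors, metadata_kv_count=kvs)
    if version not in (2, 3):
        report["errors"].append("unsupported version")
    # Counts come from the file and are untrusted: a count larger than the file
    # itself (or than the cap) cannot be honest, so flag it instead of iterating.
    for name, n in (("tensor_count", tensors), ("metadata_kv_count", kvs)):
        if n > MAX_COUNT or n > size:
            report["errors"].append(f"{name} implausible")
    return report


# Constructed sample inputs (not real model files).
SAMPLE_OK = GGUF_MAGIC + struct.pack("<IQQ", 3, 2, 1) + b"\x00" * 64
SAMPLE_HOSTILE = GGUF_MAGIC + struct.pack("<IQQ", 3, 2**62, 1)

if __name__ == "__main__":
    for blob in (SAMPLE_OK, SAMPLE_HOSTILE, b"GG"):
        print(scan_stream(io.BytesIO(blob)))
```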

Findings vs. Suspicions

A “finding” is a concrete property (e.g., external data reference). A “suspicion” is a heuristic that warrants review.

Safety

Scanning is static and sandboxed; we do not run arbitrary code from model files.