daemon-blockint-tech/modelaudit — reverse-engineered prompt
Reverse-engineered prompt
Build me a command line security scanner for AI and machine learning model files called ModelAudit.
I want it to scan model files or whole folders without ever loading or executing the model, then clearly report anything risky before someone deploys it. It should detect things like malicious pickle code, unsafe PyTorch files, suspicious tensors or backdoor signs, embedded secrets, URLs or IP addresses, dangerous archive contents, unsafe TensorFlow or Keras features, suspicious configs, and supply chain issues.
It should support common model formats like pickle, PyTorch, SafeTensors, ONNX, TensorFlow, Keras, GGUF, NumPy, Joblib, archives, JSON and YAML metadata, and model cards. It should also be able to scan remote model sources like Hugging Face URLs and cloud-storage-style paths if possible.
Please make it useful in CI with normal console output, JSON output, SARIF output, strict mode, meaningful exit codes, and scanner selection. Include tests, docs, examples, Docker support, and a sample config file. Use Python 3.10 or newer and look up current docs online if needed.
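The core requirement above is to find `__reduce__`-style code execution in pickle-bearing files without ever unpickling them, to look inside the zip container that PyTorch checkpoints use, to flag embedded secrets and network indicators, and to map the findings onto CI exit codes. The following is an added example written for this page, not ModelAudit's own code: it walks the pickle opcode stream with `pickletools.genops` (which parses but never executes), handles both the `GLOBAL` form older protocols emit and the `STACK_GLOBAL` form of protocol 4+, recurses into zip members in memory with a path-traversal and size check, and greps leaf blobs for a few indicator patterns. The module deny-list, the indicator regexes, the severity names, the `exit_code` convention and the sample inputs built by `build_samples` are all this example's own assumptions.

```python
"""Static scanner for pickle-bearing model files (added example, not ModelAudit's code).

Nothing here is ever unpickled: the pickle opcode stream is walked with
pickletools.genops, zip containers (the PyTorch .pt/.pth layout) are opened
in memory, and leaf blobs are grep'd for secrets and network indicators.
Module lists, severities and the exit-code mapping are this example's own choices.
"""
import io
import json
import os
import pickle
import pickletools
import re
import zipfile

# Imports a weight file has no business making (illustrative, not exhaustive).
SUSPICIOUS_MODULES = {"os", "posix", "nt", "subprocess", "sys", "shutil", "socket", "runpy", "webbrowser"}
DANGEROUS_CALLABLES = {("builtins", "eval"), ("builtins", "exec"), ("builtins", "__import__"),
                       ("builtins", "getattr"), ("operator", "attrgetter"), ("codecs", "decode")}
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE", "BINUNICODE",
              "SHORT_BINUNICODE", "BINUNICODE8"}
INDICATORS = {  # constructed patterns; a real scanner carries many more
    "aws_access_key": re.compile(rb"AKIA[0-9A-Z]{16}"),
    "url": re.compile(rb"https?://[\w./:-]+"),
    "ipv4": re.compile(rb"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}
MAX_MEMBER = 256 * 1024 * 1024  # refuse to inflate archive members larger than this (zip-bomb guard)


def _finding(severity, kind, where, detail):
    return {"severity": severity, "kind": kind, "where": where, "detail": detail}


def _classify(module, attr, where, pos):
    bad = module in SUSPICIOUS_MODULES or (module, attr) in DANGEROUS_CALLABLES
    return _finding("critical" if bad else "info",
                    "dangerous_global" if bad else "global_import", where, f"{module}.{attr}@{pos}")


def scan_pickle(data: bytes, where: str) -> list[dict]:
    """Report every GLOBAL/INST/STACK_GLOBAL import: that is what a __reduce__ payload needs."""
    findings, strings, memo, prev_string = [], [], {}, False
    try:
        for op, arg, pos in pickletools.genops(data):  # parses opcodes, never executes them
            name = op.name
            if name in STRING_OPS:
                strings.append(arg)
            elif name == "MEMOIZE":                          # proto 4+: slot is the running count
                memo[len(memo)] = strings[-1] if prev_string else None
            elif name in ("PUT", "BINPUT", "LONG_BINPUT"):    # proto <4: explicit slot
                memo[arg] = strings[-1] if prev_string else None
            elif name in ("GET", "BINGET", "LONG_BINGET"):    # a memoised string may be reused
                strings.append(memo.get(arg))
            elif name in ("GLOBAL", "INST"):                  # genops gives arg as "module name"
                module, attr = arg.split(" ", 1)
                findings.append(_classify(module, attr, where, pos))
            elif name == "STACK_GLOBAL" and len(strings) >= 2:  # pops name, then module
                attr, module = strings.pop(), strings.pop()
                findings.append(_classify(str(module), str(attr), where, pos))
            prev_string = name in STRING_OPS
    except Exception as exc:  # genops raises ValueError on unknown/truncated opcodes
        findings.append(_finding("warning", "malformed_pickle", where, str(exc)))
    return findings


def scan_bytes(data: bytes, where: str) -> list[dict]:
    """Dispatch on container type; recurse into zip members without touching disk."""
    findings = []
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                member = f"{where}:{info.filename}"
                if info.filename.startswith(("/", "\\")) or ".." in re.split(r"[\\/]", info.filename):
                    findings.append(_finding("critical", "zip_path_traversal", member, info.filename))
                elif info.file_size > MAX_MEMBER:
                    findings.append(_finding("warning", "oversized_member", member, str(info.file_size)))
                else:
                    findings += scan_bytes(zf.read(info), member)
        return findings
    if where.endswith((".pkl", ".pickle")) or data[:1] == b"\x80":  # 0x80 is the PROTO opcode
        findings += scan_pickle(data, where)
    for kind, pat in INDICATORS.items():
        findings += [_finding("warning", kind, where, m.group(0).decode("ascii", "replace"))
                     for m in pat.finditer(data)]
    return findings


def exit_code(findings: list[dict], strict: bool = False) -> int:
    """CI mapping (this example's convention): 0 clean, 1 critical, 2 warnings only under --strict."""
    severities = {f["severity"] for f in findings}
    if "critical" in severities:
        return 1
    return 2 if strict and "warning" in severities else 0


class _Payload:
    """Constructed malicious object: its __reduce__ makes any unpickler call os.system."""
    def __reduce__(self):
        return (os.system, ("echo pwned",))


def build_samples() -> dict[str, bytes]:
    """Constructed in-memory inputs standing in for files on disk."""
    evil = pickle.dumps(_Payload(), protocol=4)      # STACK_GLOBAL form
    legacy = pickle.dumps(_Payload(), protocol=2)    # GLOBAL form
    benign = pickle.dumps({"weights": [0.1, 0.2], "epochs": 3}, protocol=4)
    pt, esc = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(pt, "w") as zf:             # mimics the PyTorch zip checkpoint layout
        zf.writestr("model/data.pkl", evil)
        zf.writestr("model/version", "3\n")
        zf.writestr("model/notes.txt", "key=AKIAIOSFODNN7EXAMPLE via http://203.0.113.7/update")
    with zipfile.ZipFile(esc, "w") as zf:            # zip-slip member name
        zf.writestr("../escape.txt", "x")
    return {"evil.pkl": evil, "legacy.pkl": legacy, "ok.pkl": benign,
            "model.pt": pt.getvalue(), "escape.zip": esc.getvalue()}


if __name__ == "__main__":
    for fname, blob in build_samples().items():
        results = scan_bytes(blob, fname)
        print(fname, "exit", exit_code(results), json.dumps(results))
```

The memo bookkeeping matters more than it looks: a protocol 4 payload can memoise the string `"posix"` once and pull it back with `BINGET` before `STACK_GLOBAL`, so a scanner that only looks at the two most recent string opcodes misses it. Every import is reported, with the expected `torch._utils` and `collections` entries at `info` severity, so a reviewer sees the whole import surface rather than only the deny-list hits, and the JSON rows are already in a shape that can be mapped onto SARIF results.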