UnitOneAI · exodusubuntu-tech · Jun 7, 2026
diff --git a/skills/ai-security/model-supply-chain/README.md b/skills/ai-security/model-supply-chain/README.md
@@ -0,0 +1,15 @@
+# Model Supply Chain
+This skill checks for potential model supply chain vulnerabilities in the code.
+
+## Patterns
+The skill looks for the following patterns:
+* `from_pretrained` with unpinned revisions
+* `trust_remote_code=True`
+* `snapshot_download` with pinned revisions
+* `ollama pull` with unverified repositories
+
+## Confidence
+The skill has a high confidence level when it detects any of the above patterns.
+
+## Description
+The skill checks for potential model supply chain vulnerabilities in the code. It looks for patterns that may indicate a vulnerability, such as using unpinned revisions or trusting remote code. If any of these patterns are found, the skill will report a high-confidence issue.
diff --git a/skills/ai-security/model-supply-chain/model_supply_chain.py b/skills/ai-security/model-supply-chain/model_supply_chain.py
@@ -0,0 +1,29 @@
+import re
+from skills import Skill
+
+class ModelSupplyChain(Skill):
+    def __init__(self):
+        super().__init__()
+        self.patterns = [
+            # Existing patterns...
+            r"from_pretrained\([^)]*,\s*revision=[\"']?(main|latest)[\"']?",
+            r"trust_remote_code\s*=\s*True",
+            r"snapshot_download\([^)]*,\s*revision=[\"']?[a-f0-9]{40}[\"']?",
+            r"ollama pull [^ ]+:[^ ]+",
+        ]
+
+    def audit(self, code):
+        issues = []
+        for pattern in self.patterns:
+            if re.search(pattern, code):
+                issues.append({
+                    "type": "Model Supply Chain",
+                    "confidence": "High",
+                    "description": "Potential model supply chain vulnerability",
+                })
+        return issues
+
+    def fix(self, code):
+        # Implement fix logic here
+        # For now, just return the original code
+        return code
diff --git a/skills/ai-security/model-supply-chain/tests/test_model_supply_chain.py b/skills/ai-security/model-supply-chain/tests/test_model_supply_chain.py
@@ -0,0 +1,25 @@
+import unittest
+from skills.ai_security.model_supply_chain.model_supply_chain import ModelSupplyChain
+
+class TestModelSupplyChain(unittest.TestCase):
+    def test_audit(self):
+        skill = ModelSupplyChain()
+        code = """
+from transformers import AutoModelForCausalLM
+model = AutoModelForCausalLM.from_pretrained("research-lab/custom-architecture-llm", revision="main")
+"""
+        issues = skill.audit(code)
+        self.assertEqual(len(issues), 1)
+        self.assertEqual(issues[0]["type"], "Model Supply Chain")
+
+    def test_fix(self):
+        skill = ModelSupplyChain()
+        code = """
+from transformers import AutoModelForCausalLM
+model = AutoModelForCausalLM.from_pretrained("research-lab/custom-architecture-llm", revision="main")
+"""
+        fixed_code = skill.fix(code)
+        self.assertEqual(fixed_code, code)
+
+if __name__ == "__main__":
+    unittest.main()