Metadata Extraction Guide
June 4, 2026 ยท View on GitHub
Use modelaudit metadata to inspect model metadata without running a full security scan.
Safe defaults
By default, metadata extraction does not deserialize model objects. This is safer for untrusted artifacts and should be your default workflow.
modelaudit metadata model.safetensors
Common usage
# Directory summary + per-file metadata (table output)
modelaudit metadata ./models
# JSON output for automation
modelaudit metadata ./models --format json --output metadata.json
# YAML output
modelaudit metadata model.onnx --format yaml
# Security-focused metadata fields only
modelaudit metadata model.onnx --security-only
Directory limits
Directory metadata extraction stops after 10,000 file entries, 20,000 total filesystem entries,
1 GiB of aggregate file size, or 64 directory levels. When a limit is reached, table output shows
an incomplete-extraction warning. JSON and YAML output include analysis_incomplete: true,
scan_outcome: inconclusive, and a budget_events list describing the exceeded limit.
Special filesystem entries such as named pipes and sockets, including symlinks to those entries, are reported as errors and are not opened or sent to scanners. Regular files and in-directory symlinks to regular files remain eligible for metadata extraction.
Trusting loaders (advanced)
--trust-loaders allows scanner metadata loaders that may deserialize model content.
Only use this for trusted artifacts, and only in isolated environments.
modelaudit metadata model.pkl --trust-loaders
Notes
modelaudit metadatasupports both files and directories.- Unknown or unsupported files are reported with
format: unknown. - For full detection coverage (CVE checks, suspicious patterns, and policy outcomes), use
modelaudit scan.