Hub API Endpoints - Add Malware and Pickle Scanning Attributes

[bowman-david]

Is your feature request related to a problem? Please describe.
When I load a model on huggingface.co, I can easily view any Malware or Pickle scan results. However, when calling via API (even when pulling full detail), I do not see the malware and pickle scanning attributes.

e.g.: https://huggingface.co/api/models/mcpotato/42-eicar-street returns:

{
    "_id": "621ffdc136468d709f17ddb4",
    "id": "mcpotato/42-eicar-street",
    "modelId": "mcpotato/42-eicar-street",
    "author": "mcpotato",
    "sha": "b9c253233a4bdc49df66d54d0eff878915ac086c",
    "lastModified": "2024-08-26T16:48:07.000Z",
    "private": false,
    "disabled": false,
    "gated": false,
    "tags": [
        "pytorch",
        "region:us"
    ],
    "downloads": 0,
    "likes": 0,
    "siblings": [
        {
            "rfilename": ".gitattributes"
        },
        {
            "rfilename": "build_pickles.py"
        },
        {
            "rfilename": "danger.dat"
        },
        {
            "rfilename": "eicar_test_file"
        },
        {
            "rfilename": "eicar_test_file_bis"
        },
        {
            "rfilename": "pytorch_model.bin"
        },
        {
            "rfilename": "supposedly_safe.pkl"
        },
        {
            "rfilename": "token_leak.yml"
        }
    ],
    "spaces": [],
    "createdAt": "2022-03-02T23:29:05.000Z"
}

Describe the solution you'd like
Desired output: e.g.: https://huggingface.co/api/models/mcpotato/42-eicar-street returns:

{
    "_id": "621ffdc136468d709f17ddb4",
    "id": "mcpotato/42-eicar-street",
    "modelId": "mcpotato/42-eicar-street",
    "author": "mcpotato",
    "sha": "b9c253233a4bdc49df66d54d0eff878915ac086c",
    "lastModified": "2024-08-26T16:48:07.000Z",
    "private": false,
    "disabled": false,
    "gated": false,
    "tags": [
        "pytorch",
        "region:us"
    ],
    "downloads": 0,
    "likes": 0,
    "siblings": [
        {
            "rfilename": ".gitattributes"
        },
        {
            "rfilename": "build_pickles.py"
        },
        {
            "rfilename": "danger.dat",
             "security": { 
              "pickle": ["builtins.eval"]
              }
            }
        },
        {
            "rfilename": "eicar_test_file",
            "security": { 
              "malware": "unsafe" 
            }
        },
        {
            "rfilename": "eicar_test_file_bis",
              "security": { 
              "malware": "unsafe" 
            }
        },
        {
            "rfilename": "pytorch_model.bin"
        },
        {
            "rfilename": "supposedly_safe.pkl"
        },
        {
            "rfilename": "token_leak.yml"
        }
    ],
    "spaces": [],
    "createdAt": "2022-03-02T23:29:05.000Z"
}

Describe alternatives you've considered
N/A

Additional context
This would be incredibly helpful when establishing policies on acceptable use of models based on model metadata.

[julien-c]

i think it may be documented somewhere but you can indeed request this info through the API:

https://huggingface.co/api/models/mcpotato/42-eicar-street?securityStatus=true

cc @McPatate

[Wauplin]

In addition, you can also use the /tree endpoint that lists all directories and files. If you pass expand=True, the security scanner results are returned as well: https://huggingface.co/api/models/distilbert/distilgpt2/tree/main?expand=True

(be careful, results are paginated if repo has hundreds of files. You need to check the Link header)