Instructions to use cycloevan/vuln_detector with libraries, inference providers, notebooks, and local apps. Follow these links to get started.
- Libraries
- Transformers
How to use cycloevan/vuln_detector with Transformers:
# Use a pipeline as a high-level helper from transformers import pipeline pipe = pipeline("text-generation", model="cycloevan/vuln_detector") messages = [ {"role": "user", "content": "Who are you?"}, ] pipe(messages)# Load model directly from transformers import AutoModel model = AutoModel.from_pretrained("cycloevan/vuln_detector", dtype="auto") - llama-cpp-python
How to use cycloevan/vuln_detector with llama-cpp-python:
# !pip install llama-cpp-python from llama_cpp import Llama llm = Llama.from_pretrained( repo_id="cycloevan/vuln_detector", filename="vuln_detector-Q4_K_M.gguf", )
llm.create_chat_completion( messages = [ { "role": "user", "content": "What is the capital of France?" } ] ) - Notebooks
- Google Colab
- Kaggle
- Local Apps Settings
- llama.cpp
How to use cycloevan/vuln_detector with llama.cpp:
Install (macOS, Linux)
curl -LsSf https://llama.app/install.sh | sh # Start a local OpenAI-compatible server with a web UI: llama serve -hf cycloevan/vuln_detector:Q4_K_M # Run inference directly in the terminal: llama cli -hf cycloevan/vuln_detector:Q4_K_M
Install from WinGet (Windows)
winget install llama.cpp # Start a local OpenAI-compatible server with a web UI: llama serve -hf cycloevan/vuln_detector:Q4_K_M # Run inference directly in the terminal: llama cli -hf cycloevan/vuln_detector:Q4_K_M
Use pre-built binary
# Download pre-built binary from: # https://github.com/ggerganov/llama.cpp/releases # Start a local OpenAI-compatible server with a web UI: ./llama-server -hf cycloevan/vuln_detector:Q4_K_M # Run inference directly in the terminal: ./llama-cli -hf cycloevan/vuln_detector:Q4_K_M
Build from source code
git clone https://github.com/ggerganov/llama.cpp.git cd llama.cpp cmake -B build cmake --build build -j --target llama-server llama-cli # Start a local OpenAI-compatible server with a web UI: ./build/bin/llama-server -hf cycloevan/vuln_detector:Q4_K_M # Run inference directly in the terminal: ./build/bin/llama-cli -hf cycloevan/vuln_detector:Q4_K_M
Use Docker
docker model run hf.co/cycloevan/vuln_detector:Q4_K_M
- LM Studio
- Jan
- vLLM
How to use cycloevan/vuln_detector with vLLM:
Install from pip and serve model
# Install vLLM from pip: pip install vllm # Start the vLLM server: vllm serve "cycloevan/vuln_detector" # Call the server using curl (OpenAI-compatible API): curl -X POST "http://localhost:8000/v1/chat/completions" \ -H "Content-Type: application/json" \ --data '{ "model": "cycloevan/vuln_detector", "messages": [ { "role": "user", "content": "What is the capital of France?" } ] }'Use Docker
docker model run hf.co/cycloevan/vuln_detector:Q4_K_M
- SGLang
How to use cycloevan/vuln_detector with SGLang:
Install from pip and serve model
# Install SGLang from pip: pip install sglang # Start the SGLang server: python3 -m sglang.launch_server \ --model-path "cycloevan/vuln_detector" \ --host 0.0.0.0 \ --port 30000 # Call the server using curl (OpenAI-compatible API): curl -X POST "http://localhost:30000/v1/chat/completions" \ -H "Content-Type: application/json" \ --data '{ "model": "cycloevan/vuln_detector", "messages": [ { "role": "user", "content": "What is the capital of France?" } ] }'Use Docker images
docker run --gpus all \ --shm-size 32g \ -p 30000:30000 \ -v ~/.cache/huggingface:/root/.cache/huggingface \ --env "HF_TOKEN=<secret>" \ --ipc=host \ lmsysorg/sglang:latest \ python3 -m sglang.launch_server \ --model-path "cycloevan/vuln_detector" \ --host 0.0.0.0 \ --port 30000 # Call the server using curl (OpenAI-compatible API): curl -X POST "http://localhost:30000/v1/chat/completions" \ -H "Content-Type: application/json" \ --data '{ "model": "cycloevan/vuln_detector", "messages": [ { "role": "user", "content": "What is the capital of France?" } ] }' - Ollama
How to use cycloevan/vuln_detector with Ollama:
ollama run hf.co/cycloevan/vuln_detector:Q4_K_M
- Unsloth Studio
How to use cycloevan/vuln_detector with Unsloth Studio:
Install Unsloth Studio (macOS, Linux, WSL)
curl -fsSL https://unsloth.ai/install.sh | sh # Run unsloth studio unsloth studio -H 0.0.0.0 -p 8888 # Then open http://localhost:8888 in your browser # Search for cycloevan/vuln_detector to start chatting
Install Unsloth Studio (Windows)
irm https://unsloth.ai/install.ps1 | iex # Run unsloth studio unsloth studio -H 0.0.0.0 -p 8888 # Then open http://localhost:8888 in your browser # Search for cycloevan/vuln_detector to start chatting
Using HuggingFace Spaces for Unsloth
# No setup required # Open https://huggingface.co/spaces/unsloth/studio in your browser # Search for cycloevan/vuln_detector to start chatting
- Pi
How to use cycloevan/vuln_detector with Pi:
Start the llama.cpp server
# Install llama.cpp: brew install llama.cpp # Start a local OpenAI-compatible server: llama serve -hf cycloevan/vuln_detector:Q4_K_M
Configure the model in Pi
# Install Pi: npm install -g @mariozechner/pi-coding-agent # Add to ~/.pi/agent/models.json: { "providers": { "llama-cpp": { "baseUrl": "http://localhost:8080/v1", "api": "openai-completions", "apiKey": "none", "models": [ { "id": "cycloevan/vuln_detector:Q4_K_M" } ] } } }Run Pi
# Start Pi in your project directory: pi
- Hermes Agent new
How to use cycloevan/vuln_detector with Hermes Agent:
Start the llama.cpp server
# Install llama.cpp: brew install llama.cpp # Start a local OpenAI-compatible server: llama serve -hf cycloevan/vuln_detector:Q4_K_M
Configure Hermes
# Install Hermes: curl -fsSL https://hermes-agent.nousresearch.com/install.sh | bash hermes setup # Point Hermes at the local server: hermes config set model.provider custom hermes config set model.base_url http://127.0.0.1:8080/v1 hermes config set model.default cycloevan/vuln_detector:Q4_K_M
Run Hermes
hermes
- Atomic Chat new
- OpenClaw new
How to use cycloevan/vuln_detector with OpenClaw:
Start the llama.cpp server
# Install llama.cpp: brew install llama.cpp # Start a local OpenAI-compatible server: llama serve -hf cycloevan/vuln_detector:Q4_K_M
Configure OpenClaw
# Install OpenClaw: npm install -g openclaw@latest # Register the local server and set it as the default model: openclaw onboard --non-interactive --mode local \ --auth-choice custom-api-key \ --custom-base-url http://127.0.0.1:8080/v1 \ --custom-model-id "cycloevan/vuln_detector:Q4_K_M" \ --custom-provider-id llama-cpp \ --custom-compatibility openai \ --custom-text-input \ --accept-risk \ --skip-health
Run OpenClaw
openclaw agent --local --agent main --message "Hello from Hugging Face"
- Docker Model Runner
How to use cycloevan/vuln_detector with Docker Model Runner:
docker model run hf.co/cycloevan/vuln_detector:Q4_K_M
- Lemonade
How to use cycloevan/vuln_detector with Lemonade:
Pull the model
# Download Lemonade from https://lemonade-server.ai/ lemonade pull cycloevan/vuln_detector:Q4_K_M
Run and chat with the model
lemonade run user.vuln_detector-Q4_K_M
List all available models
lemonade list
Model Card for merged-vuln-detector
Model Details
- Base Model:
llama-3.2-1B-Instruct - Fine-tuned Model:
merged-vuln-detector - Model Type: Causal Language Model fine-tuned for vulnerability detection in code.
Model Description
This model is a fine-tuned version of llama-3.2-1B-Instruct on a dataset of code snippets and their corresponding vulnerability analyses. The model is intended to be used as a security expert that can analyze code and identify potential vulnerabilities.
Training Data
The model was fine-tuned on the CyberNative/Code_Vulnerability_Security_DPO dataset, which can be found on Hugging Face at https://huggingface.co/datasets/CyberNative/Code_Vulnerability_Security_DPO.
The data is formatted as follows, where the model is prompted to analyze the security of a given code snippet:
Analyze the security vulnerabilities in the following code.
[CODE SNIPPET]
Analysis:
[VULNERABILITY DESCRIPTION]
Training Procedure
The model was fine-tuned using QLoRA on a single GPU. The training script uses the trl library's SFTTrainer.
Hyperparameters:
- Quantization: 4-bit (
nf4) - LoRA
r: 16 - LoRA
alpha: 32 - LoRA
dropout: 0.1 - Target Modules:
q_proj,k_proj,v_proj,o_proj - Batch Size: 1 (with gradient accumulation steps of 8)
- Optimizer:
paged_adamw_8bit - Precision:
fp16 - Max Steps: 240
- Learning Rate:
2e-4 - Max Sequence Length: 1024
Evaluation Results
The model was evaluated on the doss1232/vulnerable-code dataset against the base model. The results are as follows:
| Model | ROUGE-L F1 | BLEU |
|---|---|---|
llama-3.2-1B-Instruct |
0.0933 | 0.0061 |
merged-vuln-detector |
0.1335 | 0.0219 |
How to use
from transformers import AutoTokenizer, AutoModelForCausalLM
model_name = "merged-vuln-detector"
tokenizer = AutoTokenizer.from_pretrained(model_name)
model = AutoModelForCausalLM.from_pretrained(model_name)
code = """
#include <cstring>
void copyString(char* dest, const char* src) {
while (*src != '\0') {
*dest = *src;
dest++;
src++;
}
}
int main() {
char source[10] = "Hello!";
char destination[5];
copyString(destination, source);
return 0;
}
"""
prompt = f"Analyze the security vulnerabilities in the following code.\n\n{code}\n\nAnalysis:\n"
inputs = tokenizer(prompt, return_tensors="pt")
outputs = model.generate(**inputs, max_length=512)
print(tokenizer.decode(outputs[0], skip_special_tokens=True))
Example Output
Input Code:
#include <cstring>
void copyString(char* dest, const char* src) {
while (*src != '\0') {
*dest = *src;
dest++;
src++;
}
}
int main() {
char source[10] = "Hello!";
char destination[5];
copyString(destination, source);
return 0;
}
Model Output:
The code has a buffer overflow vulnerability due to the lack of bounds checking on the destination buffer size.
GGUF / llama.cpp (On-device Inference)
Quantized GGUF builds of merged-vuln-detector are provided for on-device inference with llama.cpp. They were converted from merged-vuln-detector/model.safetensors with convert_hf_to_gguf.py and quantized with llama-quantize.
| File | Quantization | Size | Notes |
|---|---|---|---|
vuln_detector-Q4_K_M.gguf |
Q4_K_M | 0.81 GB | Recommended for on-device use |
vuln_detector-Q8_0.gguf |
Q8_0 | 1.32 GB | Near-lossless |
Quantization quality
Measured on 100 samples from doss1232/vulnerable-code (shuffled with seed 42, 500-row held-out pool, first 100 evaluated; fine-tuning prompt format; greedy decoding, max_new_tokens=128; identical harness for every variant):
| Variant | ROUGE-L F1 | BLEU | Exact output match vs original |
|---|---|---|---|
| transformers (original, fp16) | 0.1962 | 0.0645 | — |
| GGUF F16 | 0.1963 | 0.0645 | 98% |
| GGUF Q8_0 | 0.1987 | 0.0675 | 89% |
| GGUF Q4_K_M | 0.2325 | 0.0916 | 36% |
Quantization does not degrade benchmark quality — Q8_0 and Q4_K_M match or slightly exceed the original model's reference metrics (differences within noise for a 1B model). Q4_K_M's token-level outputs diverge from the fp16 model on many samples while remaining equivalent in quality; choose Q8_0 when close output fidelity to the fp16 model matters.
Note: these absolute numbers are not directly comparable to the "Evaluation Results" table above, which used a different sampling/decoding protocol.
Measured performance (Apple M1, Metal)
llama-bench (pp512 = prompt processing, tg128 = generation):
| Variant | Prompt processing (pp512) | Generation (tg128) |
|---|---|---|
| GGUF F16 | 941 t/s | 19.2 t/s |
| GGUF Q8_0 | 618 t/s | 29.4 t/s |
| GGUF Q4_K_M | 504 t/s | 42.3 t/s |
Generation is memory-bandwidth-bound, so smaller weights decode faster: Q4_K_M generates 2.2× faster than F16. Prompt processing is compute-bound and favors F16 (dequantization overhead), but at 500+ t/s a typical prompt is prefilled in well under a second — end-to-end latency is dominated by generation, so Q4_K_M is the fastest overall.
End-to-end wall-clock on the identical 100-sample eval batch (greedy, n_predict=128, same prompts):
| Runtime | Batch time | Speedup |
|---|---|---|
transformers fp16 (PyTorch, MPS) |
138 s | 1.0× |
| llama.cpp GGUF F16 | 96 s | 1.4× |
| llama.cpp GGUF Q8_0 | 57 s | 2.4× |
| llama.cpp GGUF Q4_K_M | 53 s | 2.6× |
Weight memory footprint: 2.48 GB (F16) → 1.32 GB (Q8_0) → 0.81 GB (Q4_K_M).
Run with llama.cpp
llama-cli -hf cycloevan/vuln_detector:Q4_K_M \
-p "Analyze the security vulnerabilities in the following code.\n\n<CODE>\n\nAnalysis:\n" \
-n 256 --temp 0
Run with llama-cpp-python
from llama_cpp import Llama
llm = Llama.from_pretrained("cycloevan/vuln_detector", filename="vuln_detector-Q4_K_M.gguf")
code = "def login(u, p): cursor.execute(f\"SELECT * FROM users WHERE name='{u}' AND pw='{p}'\")"
prompt = f"Analyze the security vulnerabilities in the following code.\n\n{code}\n\nAnalysis:\n"
out = llm(prompt, max_tokens=256, temperature=0)
print(out["choices"][0]["text"])
Model Card Authors
[Seokhee Chang]
Model Card Contact
- Downloads last month
- 40
4-bit
8-bit