You are absolutely right - blocklisting is a game of whack-a-mole. However, in the context of serialized ML weights, the "allowlist" of valid imports is actually quite small (mostly torch.nn, collections, numpy). Right now, we are flagging the obvious low-hanging fruit (script kiddie RCE) because generic SCA tools miss even that. The roadmap includes moving to a strict "Allowlist" mode where we flag any global import that isn't a known mathematical library. That’s much safer than trying to list every dangerous function.
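To make the blocklist-versus-allowlist point concrete, here is an added example (not code from the commenter or from any tool mentioned in the thread) of a static pickle scanner that walks the opcode stream with `pickletools.genops` and never unpickles anything. It resolves every `GLOBAL` / `STACK_GLOBAL` reference to a `module.name` pair and reports it under two policies: a blocklist of known-dangerous modules, and an allowlist of modules that legitimately appear in serialized weights. The allowlist prefixes (`torch`, `collections`, `numpy`) and the use of `json.dumps` as a harmless stand-in for "an import that does not belong in a checkpoint" are assumptions of this example; the sample pickles are constructed inline.

```python
"""Static allowlist/blocklist scanner for pickle-based ML weight files.

Added example: inspects opcodes only; the data is never loaded with pickle.load.
"""
import pickle
import pickletools
from collections import OrderedDict
from typing import Iterator, List, Tuple

# Assumed allowlist: module prefixes that legitimately show up in checkpoints.
# Tighten to exact names once you have a corpus of known-good files.
ALLOWED_MODULE_PREFIXES = ("torch", "collections", "numpy")

# A small blocklist, shown only to contrast with allowlist mode.
BLOCKED_MODULES = {"os", "posix", "nt", "subprocess", "builtins"}

# Opcodes that push a string; STACK_GLOBAL consumes the two most recent ones.
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
              "STRING", "BINSTRING", "SHORT_BINSTRING"}


def iter_globals(data: bytes) -> Iterator[Tuple[str, str, int]]:
    """Yield (module, name, offset) for every global reference in the stream."""
    recent_strings: List[str] = []
    for opcode, arg, pos in pickletools.genops(data):
        if opcode.name in STRING_OPS:
            recent_strings.append(arg)
        elif opcode.name == "GLOBAL":
            # Protocol 0-3: pickletools returns "module name" as one string.
            module, name = arg.split(" ", 1)
            yield module, name, pos
        elif opcode.name == "STACK_GLOBAL":
            # Protocol 4+: module and name were pushed just before this opcode.
            if len(recent_strings) >= 2:
                yield recent_strings[-2], recent_strings[-1], pos
            else:
                # Operands came from somewhere we do not model (e.g. the memo),
                # so fail closed and report the reference as unresolved.
                yield "<unresolved>", "<unresolved>", pos


def is_allowed(module: str) -> bool:
    """True if the module is one of the allowlisted prefixes or a submodule."""
    return any(module == p or module.startswith(p + ".")
               for p in ALLOWED_MODULE_PREFIXES)


def scan(data: bytes, mode: str = "allowlist") -> List[dict]:
    """Return one finding per global reference that violates the chosen policy.

    mode="blocklist": flag only modules in BLOCKED_MODULES.
    mode="allowlist": flag every module that is not a known math/ML library.
    """
    findings = []
    try:
        for module, name, pos in iter_globals(data):
            if mode == "blocklist":
                bad = module.split(".")[0] in BLOCKED_MODULES
            else:
                bad = not is_allowed(module)
            if bad:
                findings.append({"pos": pos, "module": module, "name": name})
    except ValueError as exc:
        # Truncated or malformed stream: report rather than silently pass.
        findings.append({"pos": -1, "module": "<malformed>", "name": str(exc)})
    return findings


def build_samples() -> Tuple[bytes, bytes, bytes]:
    """Constructed sample pickles: a benign state dict and two with a stray import."""
    import json  # json.dumps is a harmless stand-in for a non-ML global reference
    benign = pickle.dumps(
        OrderedDict([("layer.weight", [0.1, -0.2]), ("layer.bias", [0.0])]),
        protocol=4)
    stray_proto4 = pickle.dumps({"weights": [1.0], "hook": json.dumps}, protocol=4)
    stray_proto2 = pickle.dumps(json.dumps, protocol=2)  # uses the GLOBAL opcode
    return benign, stray_proto4, stray_proto2


if __name__ == "__main__":
    for label, blob in zip(("benign", "stray_proto4", "stray_proto2"), build_samples()):
        for mode in ("blocklist", "allowlist"):
            print(f"{label:13s} {mode:9s} -> {scan(blob, mode)}")
```

Running it shows the asymmetry the comment describes: the `json.dumps` reference slips past blocklist mode because `json` is not on the dangerous list, while allowlist mode flags it immediately, and the `collections.OrderedDict` reference in the genuine state dict is accepted by both. The `<unresolved>` branch is the important fail-closed detail: a stream that feeds `STACK_GLOBAL` through the memo instead of two literal strings still produces a finding rather than a silent pass.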