Comment by echelon

This is not the first time I've heard of checkpoints being used to distribute malware. In fact, I've heard this was a popular vector from shady international groups.

I wouldn't expect this from Bilibili's Index Team, though, given how high profile they are. It's probably(?) a false positive. Though I wouldn't use it personally, just to be safe.

The safetensors format should be used by everyone. Raw pth files and pickle files should be shunned and abandoned by the industry. It's a bad format.