diStyApps / Safe-and-Stable-Ckpt2Safetensors-Conversion-Tool-GUI

Convert your Stable Diffusion checkpoints quickly and easily.
MIT License

The tool will execute any code in tampered checkpoint files #9

Closed smirkingface closed 1 year ago

smirkingface commented 1 year ago

Line https://github.com/diStyApps/Safe-and-Stable-Ckpt2Safetensors-Conversion-Tool-GUI/blob/1961126931c56f24750cf386bb7c26f5a1cf8d10/run_app_gui.py#L203 loads the .ckpt file without any checks or safety, and will execute any code in a tampered checkpoint file. This implementation is fine if you're running the tool on checkpoints that you know are safe, but the tool needs a VERY BIG WARNING sign to not use it on any checkpoints from unknown sources. It completely negates the benefit of the safetensors format when used in that way.

Edit: Just noticed it is mentioned in the readme, but easily missed by anyone just using the tool. Do not call your tool "safe" if it isn't though.

diStyApps commented 1 year ago

Thanks for bringing up your concerns.

I will make sure to make the note more noticeable. As mentioned, this tool is useful for distributing and merging new models. I provided information on the risks and uses of the tool so users can make an informed decision on whether to use it or not. The name "safe & stable" is an abbreviation for "safetensors" and "stable diffusion," which I thought was a catchy name. This tool was created to make it easier for people to convert and share models in a safe and easy way, without dealing with the hassle of terminal installs and errors. I previously made a pickle scanning tool, which can be found here: https://github.com/diStyApps/Stable-Diffusion-Pickle-Scanner-GUI. The link is also included in the readme file. If I had more time, I would consider adding a pickle checker and other methods for safely loading models.
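As an added example, not code from this project or either commenter, here is the kind of check the issue asks for: walk the pickle inside a zip-format .ckpt with pickletools and list every global it would import that is outside an allowlist, without ever unpickling it. The allowlist contents and the constructed in-memory stand-in for a checkpoint are assumptions; a real tool would read the archive from disk.

```python
import io
import pickle
import pickletools
import zipfile
from collections import OrderedDict

# Assumed allowlist: globals a plain PyTorch state_dict pickle legitimately needs.
SAFE_GLOBALS = {("collections", "OrderedDict"), ("torch", "FloatStorage"),
                ("torch", "HalfStorage"), ("torch._utils", "_rebuild_tensor_v2")}
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
              "BINUNICODE", "BINUNICODE8", "SHORT_BINUNICODE"}

def unsafe_globals(data, allowed=SAFE_GLOBALS):
    """(module, name) pairs the pickle would import that are not in `allowed`.
    Only the opcode stream is walked, so nothing in `data` runs. GLOBAL names its
    target inline; STACK_GLOBAL (protocol 4+) consumes the two strings pushed
    before it, possibly via the memo, hence the tiny stack/memo model below."""
    found, pushed, memo = [], [], {}
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            pushed.append(arg)
        elif op.name in ("GET", "BINGET", "LONG_BINGET"):
            pushed.append(memo.get(arg))
        elif op.name == "MEMOIZE":
            memo[len(memo)] = pushed[-1]
        elif op.name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = pushed[-1]
        elif op.name == "GLOBAL":
            found.append(tuple(arg.split(" ", 1)))
            pushed.append(None)          # the imported object lands on the stack
        elif op.name == "STACK_GLOBAL":
            found.append((pushed[-2], pushed[-1]))
            pushed.append(None)          # the imported object replaces the strings
        elif op.stack_after:             # any other value landing on the stack
            pushed.append(None)
    return [g for g in found if g not in allowed]

def scan_checkpoint(ckpt_bytes, allowed=SAFE_GLOBALS):
    """Scan an in-memory zip-format torch checkpoint (*/data.pkl) without loading it."""
    with zipfile.ZipFile(io.BytesIO(ckpt_bytes)) as zf:
        pkls = [n for n in zf.namelist() if n.endswith("data.pkl")]
        if not pkls:
            raise ValueError("not a zip-format torch checkpoint (no data.pkl)")
        return [g for n in pkls for g in unsafe_globals(zf.read(n), allowed)]

def make_ckpt_bytes(obj, protocol):
    """Constructed stand-in for a .ckpt: a zip whose data.pkl pickles `obj`."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("archive/data.pkl", pickle.dumps(obj, protocol=protocol))
    return buf.getvalue()
```

An empty result means only allowlisted globals are referenced; anything else is a reason to refuse the file rather than hand it to torch.load.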