This also caused Picklescan to fail to detect them. After unpacking them, the malicious Pickle files had malicious Python code injected into them at the start, essentially breaking the byte stream.

A new campaign exploiting machine learning (ML) models via the Python Package Index (PyPI) has been observed by cybersecurity researchers. ReversingLabs said threat actors are using the Pickle file ...

The method focuses on the "pickling" process used to store Python objects in bytecode. ML models are often packaged and distributed in Pickle format, despite its longstanding, known risks.

Stable-Diffusion-Pickle-Scanner-GUI is still at version 0.1, so I'm worried about future development. According to the developer, the model download function and preview function will be added.