Anyone converted these to safetensors?
Does this not work in safetensors format? Does it have to do "malicious" calculations in order to achieve it's performance?
https://github.com/jtabox/safetensors-converter
I think it works with the safetensors format. But we currently have no additional time on it.
Maybe someone could propose two PR for both the Hugging Face model and the GitHub loading code.
Can't you load PTH with the diffusion loader in Comfy?
Can't you load PTH with the diffusion loader in Comfy?
You can, but security wise, it is not recommended.
".pth and .pkl files can potentially be security risks because they may contain arbitrary Python code. ComfyUI has built-in safe loading features, but it is recommended to prefer the .safetensors format when possible, as it is a safer alternative."
It is good to know that Comfy itself has some built in protection with pth models, but do they protect against all exploits? I've been running over my monthly bandwidth cap and need to avoid downloading this model twice.
you saying this model might hack your pc and download all your money from your pc and download all your games from your pc then remoVe your windows and all you drives ? or this model might fully spy on your calls/contact/life/web browsing history and open your webcam and record your face and send it to fbi then fbi come to your house and send you to jail for checking ? what might this model do to your pc ? maybe eXpose all your hidden files in your drive c: and d: to public people ? can you list the 10 potential hacks this model might apply to your comfyui ?
you saying this model might hack your pc and download all your money from your pc and download all your games from your pc then remoVe your windows and all you drives ? or this model might fully spy on your calls/contact/life/web browsing history and open your webcam and record your face and send it to fbi then fbi come to your house and send you to jail for checking ? what might this model do to your pc ? maybe eXpose all your hidden files in your drive c: and d: to public people ? can you list the 10 potential hacks this model might apply to your comfyui ?
Im gonna have to side with this guy. This is a full, real, big team company thats releasing this model. Yes, we should be mindful to use safetensors whenever possible, because it's good practice, but we really need to start agreeing that it isnt necessary to be terrified in cases like this one. They're gonna make a hell of a lot more money from funding and investors than they would from trying to inject malicious code with their product. Not to mention the jailtime
We live in a world where all sorts of malicious code and intensions ruins people's lives on a daily basis and new security threats are revealed weekly if you subscribe to security news feeds. "Trust Wallet" totally asked people to trust me, bro. Trust Wallet Chrome Extension Breach Caused $7 Million Crypto Loss via Malicious Code: https://thehackernews.com/2025/12/trust-wallet-chrome-extension-bug.html
Other recent headlines:
Two Chrome Extensions Caught Secretly Stealing Credentials from Over 170 Sites
Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens
DarkSpectre Browser Extension Campaigns Exposed After Impacting 8.8 Million Users Worldwide
MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide
Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability
One good YouTube podcast is Security Now where they dissect exploits and there was one last year that used 7 layers of brilliant obfuscation to hide itself and bypass all anti-virus and malware scanners. It was highly sophisticated and wouldn't have been caught except for when one user debugged why his prompt had a 1.5 second delay.
The Log4j exploit (Log4Shell) affected 2.5+ billions of devices impacting major tech companies (Cloudflare, Apple, Amazon) to home users, with roughly 38% of applications still using vulnerable Log4j versions. They are a big company and still bad stuff happened.
But sure, let's download multi GB .pth files for fun.
well there is nothing to steal from my pc ,except some games and stuff,no money in pc,also we all (good and bad people ) going to die anyways (end of world is coming clock is ticking). so why worry about temporary things ?