Hacker News
by throwaway314155 393 days ago
Thanks!

> This model has 1 file scanned as unsafe. testvl-pre76-top187-rec69.pth

Hm, perhaps I'll wait for this to get cleared up?

3 comments

This is not the first time I've heard of checkpoints being used to distribute malware. In fact, I've heard this was a popular vector from shady international groups.

I wouldn't expect this from Bilibili's Index Team, though, given how high profile they are. It's probably(?) a false positive. Though I wouldn't use it personally, just to be safe.

The safetensors format should be used by everyone. Raw pth files and pickle files should be shunned and abandoned by the industry. It's a bad format.

Disty of SD.Next has made a version in diffusers format.

https://huggingface.co/Disty0/Index-anisora-5B-diffusers

For the record, the dev branch of SD.Next (https://github.com/vladmandic/sdnext) already supports it.

Thanks.

I wonder if the entropy of model weights and their size causes statistical false positives to appear often?

I imagine it has more to do with whether or not the file appears to have executable Python code in it, as a .pth file is usually just a pickled Python object, and these can be manipulated to load arbitrary Python code when loaded.
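To make the last point concrete, here is an added example (my own code, not anything from the thread, from Bilibili's Index Team, or from the Hugging Face scanner). It builds two constructed pickles in memory: a plain "checkpoint" dict and one carrying an object whose `__reduce__` points at `os.system`. A static scan over the pickle opcodes (no unpickling, so nothing runs) reports which globals the file would import, and a restricted `Unpickler` refuses to resolve anything outside an allowlist. The allowlist of torch globals and the "echo pwned" payload are assumptions for illustration; a real scanner such as picklescan keeps a much longer allowlist and denylist.

```python
import io
import os
import pickle
import pickletools

# Constructed allowlist: the globals a plain PyTorch state_dict pickle needs.
# Anything else (os.system, subprocess.Popen, builtins.eval, ...) is suspect.
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
    ("torch._utils", "_rebuild_tensor_v2"),
    ("torch", "FloatStorage"),
}

# Opcodes that push a string constant. STACK_GLOBAL (protocol 4+) takes the
# module and attribute name from the two strings pushed just before it.
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
              "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def scan_pickle(data: bytes, allowed=ALLOWED_GLOBALS):
    """Return the (module, name) globals referenced by the pickle that are not
    allowlisted. Only the opcode stream is read; nothing is imported or run."""
    suspicious = []
    recent_strings = []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in STRING_OPS:
            recent_strings = (recent_strings + [arg])[-2:]
            continue
        if opcode.name == "GLOBAL":            # protocols 0-3: arg is "module name"
            module, name = arg.split(" ", 1)
        elif opcode.name == "STACK_GLOBAL":    # protocol 4+: operands came via the stack
            if len(recent_strings) < 2:
                # Operands reached the stack some other way (memo get, etc.);
                # report rather than guess, so the file still gets flagged.
                suspicious.append(("<unresolved>", "STACK_GLOBAL"))
                continue
            module, name = recent_strings
        else:
            continue
        if (module, name) not in allowed:
            suspicious.append((module, name))
    return suspicious


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses any global outside the allowlist, so a crafted
    __reduce__ payload fails before its callable is ever resolved."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def load_restricted(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def loads_without_executing(data: bytes) -> bool:
    """True when the restricted unpickler accepted the data, False when it was
    rejected (in which case no payload ran)."""
    try:
        load_restricted(data)
        return True
    except pickle.UnpicklingError:
        return False


class ReduceHook:
    """Constructed payload: plain pickle.load of this object's pickle would call
    os.system("echo pwned"). The class itself is not stored in the pickle;
    only the reduce callable (os.system) and its argument are."""

    def __reduce__(self):
        return (os.system, ("echo pwned",))


# Constructed sample "checkpoints" (real .pth files would hold torch tensors).
BENIGN_CKPT = pickle.dumps({"layer.weight": [0.1, 0.2], "epoch": 3})
MALICIOUS_CKPT = pickle.dumps({"layer.weight": [0.1, 0.2], "hook": ReduceHook()})

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_CKPT), ("malicious", MALICIOUS_CKPT)):
        print(label, "suspicious globals:", scan_pickle(blob))
        print(label, "restricted load accepted:", loads_without_executing(blob))
```

Running it shows the benign blob references no globals at all, while the malicious one references `system` from the platform's os module (`posix` on Linux and macOS, `nt` on Windows) and is rejected by the restricted loader without the command ever executing. This is the same idea behind `torch.load(..., weights_only=True)`, which PyTorch made the default in 2.6, and it is why safetensors needs no such machinery: that format is pure tensor data with a JSON header and has no code path at all.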