Stable Diffusion Pickle Scanner
Scan .pt, .ckpt and .bin files for potentially malicious code.
Example output (with numpy considered "non-standard"):
How to use
- Export pickle_inspector.py and pickle_scan.py to your Stable Diffusion WebUI base directory
- Open bash / CMD
- Run command: python pickle_scan.py models > scan_output.txt
- Open scan_output.txt
If you get an error about torch not being installed, start your webui, copy the venv python path it prints, and replace python with that path.
It might look something like this:
venv "F:\Projects\stable-diffusion-webui\venv\Scripts\Python.exe"
The final command would then look like:
"F:\Projects\stable-diffusion-webui\venv\Scripts\Python.exe" pickle_scan.py models > scan_output.txt
Usage
python pickle_scan.py [directory] [debugmode]
Example
python pickle_scan.py models
Debug Mode
Add 1 after the directory to see which calls / signals triggered the scan failure.
python pickle_scan.py models 1 > scan_output.txt
Notes
By default this will scan all subdirectories for files ending with .pt, .ckpt and .bin.
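As an added illustration of what this kind of scanner checks (example code written for this page, not pickle_scan.py or pickle_inspector.py), the snippet below walks the pickle opcode stream with pickletools and reports every module.name import the file would perform on load, without ever unpickling it; it also looks inside the zip container that .pt/.ckpt files use. The allow-list, the sample pickles and the zip helper are constructed for the example and are assumptions, not the project's own values.

```python
import io
import pickle
import pickletools
import zipfile
from collections import OrderedDict

# Illustrative allow-list (an assumption for this example, not pickle_scan.py's own).
ALLOWED_MODULES = {"collections", "torch", "torch._utils", "numpy",
                   "numpy.core.multiarray", "_codecs"}

def find_globals(data):
    """(module, name) pairs from GLOBAL/STACK_GLOBAL; nothing is unpickled."""
    found, strings = [], []  # strings: recent str args, consumed by STACK_GLOBAL
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":          # protocol <= 3: arg is "module name"
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":  # protocol 4+: module, name pushed before
            if len(strings) >= 2:
                found.append((strings[-2], strings[-1]))
        elif isinstance(arg, str):
            strings.append(arg)
    return found

def scan_bytes(data):
    verdict = {"standard": [], "non_standard": []}
    for module, name in find_globals(data):
        key = "standard" if module in ALLOWED_MODULES else "non_standard"
        verdict[key].append(f"{module}.{name}")
    return verdict

def scan_blob(data):
    """.pt/.ckpt are zip archives holding *.pkl members; .bin is a raw pickle."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return scan_bytes(data)
    verdict = {"standard": [], "non_standard": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for member in (m for m in zf.namelist() if m.endswith(".pkl")):
            for key, refs in scan_bytes(zf.read(member)).items():
                verdict[key] += refs
    return verdict

def make_zip(pkl):  # constructed torch-style archive, for the demo only
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("archive/data.pkl", pkl)
    return buf.getvalue()

# Constructed samples: a benign OrderedDict pickle, and a hand-built pickle that
# merely references os.system via GLOBAL (it is never invoked by the scanner).
BENIGN_P4 = pickle.dumps(OrderedDict(a=1), protocol=4)
SUSPICIOUS = b"\x80\x02cos\nsystem\nq\x00."
```

Run scan_blob on the bytes of a checkpoint (or scan_bytes on a raw .bin) and treat any non_standard entry as a reason to refuse loading the file until it has been reviewed.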