Avoid running untrusted scripts! They can compromise your system and data
For more info, read here

Running Lua Scripts

The Lua scripting environment provides powerful capabilities that can interact with your system. While this enables the creation of useful tools and utilities, it also presents potential security risk

Risks of Running Untrusted Scripts

NEVER run Lua scripts from untrusted sources. Malicious scripts can:

  • Access your file system and steal sensitive data

  • Install malware or backdoors on your computer

  • Modify system settings without your knowledge

  • Execute harmful commands with your privileges

  • Capture and transmit your personal information

  • Compromise your accounts and credentials

Warning Signs of Potentially Malicious Scripts

Be especially cautious of:

  • Obfuscated code: Scripts with intentionally obscured or difficult-to-read code

  • String encoding: Excessive use of encoded strings or character codes

  • Base64 content: Large blocks of base64-encoded data

  • Executable downloads: Scripts that download and run external files

  • Suspicious URLs: Scripts connecting to unfamiliar or suspicious websites

  • Unnecessary file operations: Unexpected reading or writing of files

  • Kernel or system access: Scripts attempting to access system components

  • Scripts promising "free" premium features: If it sounds too good to be true, it probably is

Best Practices for Script Safety

  1. Only run scripts from trusted sources you personally know and trust

  2. Review code before running it to understand what it does

  3. Do not run scripts you don't understand

  4. Keep your system and security software updated

  5. Maintain regular backups of important data

  6. Use a separate testing account when possible for trying new scripts

  7. Report suspicious scripts to appropriate authorities or communities

Suspicious Patterns to Watch For

Rather than providing specific code examples that could be misused, here are general patterns that should raise concerns:

  • Functions that decode or decrypt strings before executing them

  • Code that attempts to read sensitive system files or user directories

  • Scripts that send data to external servers, especially using encrypted or obfuscated URLs

  • Code that attaches to or manipulates other processes on your system

  • Scripts that create invisible or hidden elements that continue running in the background

  • Code that attempts to write or modify executable files or system settings

  • Attempts to disable security features or anti-virus programs

If you see these patterns in a script from an untrusted source, treat it with extreme caution.

If You've Run a Suspicious Script

If you believe you've run a malicious script:

  1. Disconnect from the internet immediately

  2. Run a full system scan with reputable security software

  3. Change passwords for important accounts from a different device

  4. Monitor your accounts for suspicious activity

  5. Contact our staff immediately or open a support ticket to report the incident

  6. Provide details about the script and the user who sent it to you

  7. Consider professional help if you suspect a serious compromise

Our security team can provide guidance specific to your situation and help prevent similar issues for other users. The sooner you report a potential security incident, the better chance we have of mitigating any damage.

Remember

Your system security is ultimately your responsibility. Always exercise caution when running scripts, even those that appear to come from trusted sources. When in doubt, don't run it!

PreviousUniversal API InformationNextScript Marketplace

Last updated

Was this helpful?