Advanced Anti-Backdoor - Script Security

image.jpg1920×1920 61.7 KB

Tired of free models injecting backdoors into your game? Advanced Anti-Backdoor uses not only the heuristic checks to flag malicious code, but also gives you a feature to verify malicious scripts with AI for free right from the plugin - catching obfuscated loaders, hidden require() calls, data exfiltration, self-replicating viruses, and more that simple pattern-matching tools miss.

Note that AI is simply 1 aspect of this system - which you are able to use to verify flagged cases from free/local heuristic checks that run in studio, improving upon older plugins.

Why This Exists

Most anti-virus plugins rely on static keyword lists. Obfuscators evolve faster than those lists. This plugin sends flagged scripts to a cloud-hosted AI model that actually reads the code and decides whether it’s malicious, give you a confidence score, a reason, and the exact line number.

Originally, I made this plugin in 2020 and only recently decided to completely overhaul it, improving the UI and making it useful.

Features

• AI + Hueristic Classification - scripts are analyzed not only by builtin heuristic models, but also by LLMs hosted on a dedicated backend. Heuristic checks are unlimited.
• 9 Model Fallback Chain - If one model is rate-limited, the system will automatically try the next. This allows you to get maximum uptime across even Groq’s free tier.
• BYOK (bring your own key) - bring your own Groq API key for extra quota. Works out of the box without one and is extremely easy (and free to obtain).
• Enable continuous background scanning on a configurable interval.
• Quarantine System - flagged scripts are listed with their threat reason, confidence %, source model, and line number. You can view source, delete, or whitelist each one.

Note: NO data pertaining to your code AT ALL is retained (see zero retention policy Your Data in GroqCloud - GroqDocs). If you still do not trust it, feel free to insert your own free API key - both work.

Free Usage

If you choose to use the AI portion of the plugin, all users gets a free daily allowance without doing anything or putting an API key in, so you can test it out right away

Quota resets at 00:00 UTC daily. Your remaining usage is shown in the Settings tab.

Note

You can always paste your own free Groq API key into the plugin settings for a separate personal quota on top of the shared pool.

How to Use

1. Install the plugin from the Creator Store.
2. Click Anti-Backdoor in the Studio toolbar to open the panel.
3. Quick scan: Select scripts/folders in Explorer → click either Scan Selected (Heuristic) or Advanced Scan (AI).
4. Auto-scan: Go to the Auto tab → enable Auto-Scan. The plugin will continuously monitor your game.
5. Review results: Flagged scripts appear in the quarantine list with full details. You can right-click for options or hover over the icon to view reason, clicking the link also opens the exact flagged line.

How It Works (Under the Hood)

Script Source → Cloud Worker → AI Model Chain → Verdict + Confidence
                    ↓
              Cached (24h) — repeat scans are instant

1. plugin sends script source to a Cloudflare Worker backend.
2. worker verifies plugin ownership, checks rate limits, and queries the cache.
3. on cache miss, it picks the best AI model based on script size and fallsback to other models if needed.
4. The AI returns structured information regarding the script
5. Results are cached for 24 hours so re-scans are free and instant.

Your script source is only sent to the classification backend and is not stored, logged, or shared.

Screenshots

image1483×555 133 KB

image800×489 72 KB

Feedback & Bugs

For any suggestions, Reply below or DM me.

plugin revenue goes directly toward scaling the AI backend so the free tier stays generous or increases as the user base grows.

Do you have any benchmarks proving this actually reliably works in real-world scenarios? As far as the post goes it just shows the AI operating on very specially crafted test cases that would not reflect cases the target audience of this slop is going to encounter.

Wdym by “slop”? this was built upon hours of work i put in back in 2020 as well as this month? It was almost entirely manually coded.

As far as the post goes it just shows the AI operating on very specially crafted test cases that would not reflect cases the target audience of this slop is going to encounter.

There’s a plugin that used to be popular back then called ServerDefender, I was authorized by the owner to use some of the heuristic checks directly from there (and this is a plugin well tested in real world scenarios) and I built on top of those, fixing any broken checks as well, improving massively UPON it.

Yes, this is tested in “real world scenarios”. Those “very specially crafted test cases” include code that exactly occurs in real world scenarios, and that is obviously not all it was tested on… im not sure if you think it simply string matches for those specific cases or what but… anyway. Additionally, it has many improvements, for example it goes beyond basic string matching and actually recursively traverses loaded modules referencing each other, as some malicious systems do to dodge scans normally.

I feel i should clarify, anything remotely “AI” about this plugin is simply 1 aspect of this system to give it kind of a unique selling point, to VERIFY flagged cases from the solid heuristic checks, removing false positives or detecting missed cases. Though i know the community sentiment regarding AI over here is quite negative, which obviously doesn’t help, though it doesn’t change this plugin is extremely useful.

wdym ‘almost’

People generally call AI coded things slop, and i said “almost” because I cant deny SOTA models were used SOLELY to verify edge cases or audit for errors humans can miss. Not using them for that purpose is a very foolish way to set yourself back in this era. I have around a decade of experience in the software engineering industry so I know what im doing, and I had to mention that so people don’t assume this is vibecoded or something

I called it slop because generally, that’s what “products” that appear to advertise themselves as entirely AI tools usually tend to be - just some meaningless thing with AI tacked onto it that sounds useful on paper but ends up being useless.

If that’s all the AI is doing then why does your main marketing point imply that the entire process is fully AI from start to finish? I don’t know about you but this right here would suggest to most people that it’s entirely AI and not dependent on reliable methods:

That part of the post you managed to find gives off the wrong message.

I wrote a clarifying comment here to specify that AI only takes on a secondary role and is an OPTIONAL feature ON TOP of builtin heuristic checks, for whoever wants to use it, I’m not sure why you read that and then decided to render my clarifying comment useless… If you spend a few minutes reading the post details beyond the first sentence, rather than trying to cherry pick whatever you can find, you’d see that without the clarification as well, it indeed is entirely secondary.

Either way, I’ve updated that part of the post.

you can just ask the built-in roblox studio assistant to check your selected scripts if there malicious or not, dont know why u needed to add that feature anyway.

With the advent of new backdoors that are much more fancy that a simple script I’m considering how well your system may perform, hopefully without issue..

I have seen a few cases at this point of backdoors so intertwined with a free model they’re basically unremovable without dissecting the code line by line, using AI may be a solution but a costly one at that. I myself tried making a project once that its whole purpose was scanning the entire toolbox in search of backdoors, labeling some 100% Backdoors others Potential Backdoor and others Not a Backdoor, manually reviewing the Potential backdoors, and marking the 100% backdoors, and then create a similar extension to the https://rotector.com/ extension, in which they put a ‘safety’ rating on users, but instead of users, it is for toolbox items.

I ended up dropping it due to lack of community interest, time and the fact that running a project like that would be very financially expensive, hopefully you can fill in that void with your project!

can we stop posting all these security resources..? anyone can detect backdoors very easily these are literally useless omg.

Finally a truthful statement!!!

you’re just assuming Requirer isnt the best plugin on roblox?

ok jokes aside, antibackdoor plugins are REALLY good for beginners