Buildv4 calling `Loadstring()`. Is it safe or should I be worried?

Hey,

While I was cleaning up some warnings in my output, I noticed Build v4.1 tries to call loadstring() which, to my understanding, is commonly associated with backdoors, toolbox viruses, and other exploit methods.


I double-checked, and this happens even if I don’t click anything or use the plugin. It just fires immediately when running the game.

So should I be worried or is this behavior normal?

The loaded string has to be defined, so knowing what it does shouldn’t take too much reading. It shouldn’t be used generally, unless you were to have some type of AI code writing during runtime. Otherwise, with plugins you have the ability to create script instances and modules and write to the source of them. So using loadstring to LoadResource() is not safe, but it may be due to how the plugin developer set up their plugin, which requires that you not use LoadAsset or the plugin may be taken off sale. But you can load a package, which is the proper practice for loading in external modules.

You or someone else could take a look at the plugin source code and see what it is. Can you link it?

1 Like

The official BuildV4 is okay to use. However, if you are using a different version, there is no guarantee on whether loadstring is being used maliciously or not.

I think you have a different version. I would be careful.

Here is the original:

(loadstring is present multiple times in that one ^ but it’s commented out. Neither the plugin id nor the script line from your screenshot matches)

2 Likes
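The check described in the reply above (is `loadstring` only present in comments, or is it live code?) can be done over exported plugin source. This is an added example, not part of the thread or of any plugin's code; the function names and the `SAMPLE` Lua text are constructed for illustration.

```python
import re

LONG_OPEN = re.compile(r"\[(=*)\[")      # opens [[ ... ]] or [=[ ... ]=]
NAME = re.compile(r"\bloadstring\b")

def _blank(text):
    # Replace everything except newlines so line numbers stay aligned.
    return "".join(c if c == "\n" else " " for c in text)

def strip_comments_and_strings(src):
    """Blank out Lua comments and string literals, keeping line structure."""
    out, i, n = [], 0, len(src)
    while i < n:
        if src.startswith("--", i):
            m = LONG_OPEN.match(src, i + 2)
            if m:                          # block comment --[[ ... ]]
                close = "]" + m.group(1) + "]"
                end = src.find(close, m.end())
                end = n if end == -1 else end + len(close)
            else:                          # line comment
                end = src.find("\n", i)
                end = n if end == -1 else end
        elif src[i] in "\"'`":             # quoted string (backtick is Luau)
            j = i + 1
            while j < n and src[j] != src[i] and src[j] != "\n":
                j += 2 if src[j] == "\\" else 1
            end = min(j + 1, n)
        elif (m := LONG_OPEN.match(src, i)):   # long string [[ ... ]]
            close = "]" + m.group(1) + "]"
            end = src.find(close, m.end())
            end = n if end == -1 else end + len(close)
        else:
            out.append(src[i]); i += 1
            continue
        out.append(_blank(src[i:end])); i = end
    return "".join(out)

def live_loadstring_lines(src):
    """Return (line_number, original_line) where loadstring is real code."""
    code = strip_comments_and_strings(src).split("\n")
    orig = src.split("\n")
    return [(k, orig[k - 1].strip()) for k, line in enumerate(code, 1)
            if NAME.search(line)]

# Constructed sample: comments and a string mention loadstring, two lines use it.
SAMPLE = '''-- local f = loadstring(src)   (disabled)
--[[ old loader:
loadstring(oldSource)()
]]
print("loadstring is disabled")
local chunk = loadstring(payload)
--[==[ loadstring(x) ]==] local ok = pcall(loadstring, code)
'''

if __name__ == "__main__":
    for lineno, text in live_loadstring_lines(SAMPLE):
        print(f"line {lineno}: {text}")
```

It flags only direct references by name, so an empty result is not proof that a plugin is clean; comparing the plugin id against the official listing, as done in this thread, is still needed.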

Sorry for the late reply,

Yeah, looks like I downloaded a reuploaded version of Buildv4 that was made by SimBuilder. I didn’t realize there were different versions of it out there, so that explains the sketchy behavior. Thanks to everyone who replied, helped a lot.