Title says it all.
And yes, I’ve checked, maybe I didn’t look hard enough, anyways the only answers I could find said things similar to
Also asking because I just want to know
Yes they can. Most of the time they inject their own code tho.
If you use that local script as a way of protection, you should have in mind that it can be read and modified. For example if you have a password for a door in there, the exploiter can see it. This is also true for module scripts in replicated storage, with the difference that the exploiter can’t modify the server-side version of them.
Based on my understanding, exploiters cannot edit the Source Code of an existing Script. When a Local Script is replicated to the Client, the Source Code is already compiled into bytecode. It is possible to get the Source Code from the bytecode, but it is not an exact representation of the original Script. Theoretically, an exploiter could use a “decompilation” utility on a Script and inject a new one with the edited Source Code, but this is not editing the original Script and creating a new Instance, so technically the answer is no, at least from my knowledge.
idk it’s able or no technically, On my view there are 3 type exploiters.
Many exploiters use scripts that made by anyone else and they don’t even know how to coding. they’re most noob type exploiter.
Second type exploiters are able to coding. somehow they know luau language, maybe they are roblox studio engineer or something else, like greyhat, but they can’t make their own executor so they makes scripts for first type noobs.
Third type exploiters are able to make executors, they use C languages like C# and make executors. they have deep knowledge about roblox system. Second type exploiters are able to become third type if they learn more.
so eventually, only third type exploiters can change local scripts if it’s able technically. at this point any executors doesn’t have system to change client side script, so even it’s able to change, second type exploiters can’t do it.
btw there are fourth type guys but they’re not exploiters, they’re HACKERS. they’re able to accesss server and appear to roblox game and destroy it. and become roblox urban legend.
When third type exploiters and hackers make executor together that able to access server, darkness will visit to our roblox
80% of those statements say yes to your question except for that one weird little guy.
If you dont trust them here is Robloxs source.
Additionally, through the use of third party software, exploiters can run arbitrary Luau code on the client to manipulate their client’s data model and decompile and view code running on it.
If you dont trust Roblox you can look at synapse documentation right from the source themselves. (Yes) it got taken down ever since the event but someone made a reupload of it.
You may notice that decompiled output looks a lot different from the original source of that script - this is because of debugging information being irrevocably lost during the compilation process. Synapse does its best to make the decompiled source look as good as possible, but unfortunately decompilation is mostly a guessing game, which will inevitably lead to differences in the decompiled output
https://orangedoggo.github.io/synapse-x-docs/development/decompiler.html
Third answer is correct, they can read and change everything on the client side
I appreciate the sources but the information you gave falls in the “They can read the source script” nothing is said about being able to change the source script of a LocalScript.
I’m pretty sure you’re right, looking at the script.source documentation (should of done this before…) it says “It’s protected and discouraged for editing directly.” I would like you to edit and include this part in the replay you gave. Unless someone gives new information about me being wrong.
To be honest I am not the most experienced with exploiting. I can only give you what I see same as others.
I think the exploiter documentation should suffice, they can use the genrenv() function to access the roblox environment and all of its functions and variables and also modify those functions using function hooking.
This sounds pretty similar to genfenv in Lua so I think you can replicate this behavior in studio as well. However I know getfenv only gets global variables and not the local ones that have the local keyword, might be different in the exploiter software.
So I would say they do not directly change the source code as conveniently as developers but they technically can? IDK, I do admire their resourcefulness a bit.
That is my interpretation of the documentation. If you want to know more you might have to step into forbidden territory or learn C++ and do it with any game engine.
You know, I just don’t get this. When I add an ID number like a texture, I know the program makes a cache of that texture and uses the cache for any other reference, like to Clone(). Well, how about caching (storing) the local scripts (when compiled) and system running an anti-cheat that simply checks from time to time if the local scripts and script count match the cache. Done. No more possible way to cheat via script changes or adding scripts without being kicked (and Roblox being alerted even if you like).
I tried something like this but lack the command level to pull it off. It’s pretty straight forward and should be simple to implement, quite a few different ways. Encrypt it and save it with the compile, link the anti-cheat to a main system fail and kick automaticly.
well it appears @SubParSuperCar doesn’t plan on updating his reply, I guess I’ll just quote him and add the extra stuff.
Script.Source documentation also say
“It’s protected and discouraged for editing directly.”
Bro is thinking inside a box (very no sigma) 
Why the hell they even need to?They can hook any function they want or completelly change envirement of a script.