If it’s in Replicated Storage, they can. If it’s in Server Storage then no they can’t.
I recommend you put Important game modules/modules you know can only be used by the server in Server Storage, and put non important modules in Replicated Storage.
I think the question is a bit ambiguous because what exactly does it mean to “exploit a script?” If you’re referring to what an exploiter can do to local scripts, then the answer is “yes, but only if the module is required by a local script.” But if it’s on the server, then “no, unless it’s part of processing remote events, in which case proper sanity checks need to be put in place like all other remote events.”
Basically any script that’s in ServerStorage or ServerScriptService CANNOT be accessed in game. Now, If it’s in ReplicatedStorage, they can easily get to it,
I’m making Chat Commands using Module Scripts in the ChatModules Folder so I can use the RegisterProcessCommandsFunction, which I believe you can’t do anywhere else besides the Chat Modules folder. (correct me if I’m wrong)
Will exploiters be able to exploit the Module Scripts I’m making inside the Chat Modules Folder?
If you want a visualization, I’m asking if exploiters can exploit this:
Anything not stored on the server can be exploited, I recommend putting everything in ServerStorage, it may require you to change a lot of code but it’s worth it to avoid exploiters getting in there.
Yes they can. This is because the client can access these modules. Although their called on the server, so you should be all good with filtering enabled and stuff. So their changes wont apply for everyone else and the server. So they can modify it, but it’ll only apply locally.
But keep in mind, their changes will NOT apply for everyone else. So if you have a filtering script, but an exploiter edits it to be with a swear word, it’ll only display that swear word for the exploiter. Not the rest of the server. Because the ChatModules folder is called by on the server.
But if it’s in the ClientChatModules then you’re out of luck.
Ah, so as long as the module scripts are in the ChatModules Folder, then the exploiters won’t be able to exploit the module scripts in that specific folder?