The script looks safe. From the skim, it just alters movement on a character when they equip the tool. From my understanding, a ‘virus’ or backdoor would insert some module (using require, getfenv, etc) that an exploiter can hook their code on to. There’s a good thread on backdoors here. The script is mostly harmless.
My guesses are the plugin probably suspected the variables. The script’s variables are unclear, such as: m, c, lolz, and some malicious code uses these kinds of variables to obfuscate its content. The use of bodymovers on a player’s character could make the plugin think it’s troll code as well.