This is very obviously a backdoor.
If you want to know how I can easily figure this out: here’s what I did.
getfenv() returns a table of the functions and variables in the current environment. This can be used to easily attempt to hide a function.
In this case, it indexes string.reverse("\101\114\105\117\113\101\114"). If you see what this ascii code corresponds to “eriuqer”, which when put through the reverse function gives you “require”.
So, the script uses getfenv() and escapes ascii code to hide the require index in that table that is returned.
It then calls the require function with the asset id “5723263360”. Upon further inspection this is a quote on quote “require chain”, which basically hooks up module scripts in a chain to require each-other in an attempt to hide the final script in the chain.
I’ve reached a script in the chain that’s obfuscated, I don’t have the tools to get through it so
TL;DR: The script uses require to get a chain of module scripts, which eventually leads to a server-sided backdoor.