Majority of library plugins are malicious and should be moderated

You might be reading the title and are like “eh no” but let me explain this problem first. Many people might look at verification as an unnecessary and tedious problem. I think that verification is completely necessary when it comes to plugins.

Take a look at the front page of the plugin marketplace. The plugins marked red are the ones I concluded are viruses by looking at the profile behind each one and the originality of a plugin’s title and icon.

People behind these virused models can easily trick new players into adding a virus into their game.

Another thing that can be added is a verified feature. A plugin creator would have their plugin verified by a moderator and something like an image icon would appear in the top right corner of the plugin icon, or the developer themself would be verified (so they can skip the verification process).

This does put a lot of weight on the moderators, but it’s annoying to try to look for a plugin and come across the fake ones.

27 Likes

I fully agree with you, plugin discovery on Roblox.com is non-existent at the moment.

It is probably impossible to moderate plugins on a large scale - but as the situation is now I do not install plugins unless I have triple-checked the legitimacy of the plugin at third party sources (reddit etc).

Even if only the top 50 plugins were verified or had a stamp of approval, that would make plugin discovery a lot better than it is today. It could also be a good incentive for plugin developers to build good plugins.

4 Likes

Wasn’t there a post recently about a developer that got temporarily banned for including profane words inside their game’s script? (for a chat filter…)

If there are enough moderation resources to review games one by one, script by script, why wouldn’t there be for plugins either?

All other marketplace locations are already actively moderated, so I don’t see why plugins aren’t. It makes the most sense to moderate plugins on a larger scale, or at least include some sort of approval system.

I feel like moderation is absolutely necessary for plugins. The issue comes when plugins are updated though; what stops someone with malicious intent from uploading a safe, unique plugin, and then updating it to be a backdoor version of another popular plugin?

2 Likes

I think we all know that there are people who dupe other people’s plugins and modify them by adding malicious scripts. But this is getting out of control. The number of fake plugins is increasing exponentially to the point where you only need to go some pages back and you’ll find these fake copies are filling entire pages.

Today I was searching the plugin library and I came up with this; this is page 6 [pages that were before this were also quite full of those malicious copies, but didn’t have as many] and yet it’s full of fake plugins, nearly all from the same users.

What infuriates me more is the fact that when I tried myself to take down malicious copies of my plugins [which removed all references to the original developer and had malicious scripts], I was told by Roblox support to make a video explaining how the plugin was malicious. I did it, and yet, 2-3 months after I sent it, they’re still there. To me it feels like Roblox neglects this plugin section. When a plugin randomly grows in 1-2 days to have over 1M installs, this should at least trigger a flag for someone to review them.

We also have the problem of the horrendous relevance search. It’s broken and has never worked correctly, especially when searching for plugins. When I try to search for coaster, what first appears is this:


Here we can see multiple things:

  1. It’s not even showing 2 full rows
  2. It’s displaying plugins last updated 6 years ago with 98 installs before mine [which is on page 4], which was updated 1 day ago, has over 4k installs and over 100 favorites.
  3. [Not visible in the image] My plugin [the real one] appears 2 pages after the malicious copies.

If we combine this, we can see that this doesn’t only affect us plugin developers, who will see how people won’t find their plugin because they’re not big enough to be on the first pages, meaning that now, thanks to having multiple pages full of these malicious copies, their legitimate plugins will be pushed back, which exponentially lowers the chance of new “random” users finding them; it also affects the general Roblox developer. Roblox has a playerbase whose ages range from kids to adults, but not everyone may know about these fake plugins. Plugins have a higher security level than “normal game scripts” and don’t require the game to run to execute their code, meaning they can do much more damage than the average malicious script in a free model; and if we add the horrible search results, everything I said is made worse.

There should be a way to automatically review or moderate these plugins, or at least a way for us developers to request a takedown and not be ignored with an “Our engineering team will look into this” message, and we need better search results for our plugins. Ignoring these things is just damaging us plugin developers, which sometimes can make us question why we spend time doing them, but worst of all, damages our userbase, since they get their games infected with malicious scripts, backdoors, etc…

5 Likes