So I made a plugin inspired by Studio Tweaks and it’s getting denied.
This is the plugin: BetterStudio.rbxmx (307.4 KB)
Press space to open the context menu to do stuff with it.
I’m using getfenv, setfenv, loadstring, .Source and InsertService. But according to the best practices this isn’t allowed altough, I don’t use it to obscure engine features, and the plugin LoadsAssets because that’s usefull to have and is already in multiple other plugins. And the loadstring is just used to save scripts that you can run and also run scripts while editing.
Also I think the 30$ plugin InCommand - versatile, adaptable command execution also uses loadstrings to do this.
This is the message I got from Roblox:
Hello!
Roblox has disabled distribution on Creator Store for the asset “BetterStudio” (asset ID 85293317684003 version 1) because it may violate our Community Standards against Misusing Roblox Systems. Please view our Best Practices for making safe assets, amend, and re-submit the asset. If you believe this content decision was in error, you can appeal here.
Sincerely, The Roblox Team
Notice it also says that it may violate the standards, so the probably didn’t even check.
And I appealed it and they denied it.
This is what it said on the appeal thing.
It probably got denied because its very easy to create vulnerabilities with loadstring, even intentionally, in a way that is too obscure to check for reliably.
Most you can do is load the unsafe luau functions as an external library (via Require IDs), Roblox has also been doing this for anyone who has been uploading MainModules to the toolbox that contains said lines of code as well.
Now that you show the code I’m struggling to think of any way you could make it look more like a virus. If it were me manually approving it, I would just deny it immediately.
Why would you even use loadstring?
Anyway you can just appeal that
I had same problem with plugin using loadstring and appealing it solved the issue
Problem is that each update of plugin you will have to send new appeal likely
Already made code put inside the text?
It would’ve made more sense if user were the one writing it but it doesn’t seem the case here judging from screenshot.
The best you can do is to reformat plugin to avoid anything like that: putting already made code and executing it via loadstring and instead giving loadstring purely to user input!
You can also technically use this “Lua/Luau VM” modules but uhhh that is very unoptimized and is equialent of running interpeter on interpeter itself (very bad for perfomance) and could violate TOS in this example im pretty sure
adding to this.
Or you can get the code from the user and put it in a module script yourself.
Try removing the loadstring stuff not commenting it out. I have a guess that the moderation can read comments, probably for bad actors commenting out code and then instructing the user to use it, or for them to put malicious links that people reading the plugin source code can click and get infected from.
Thank you, this worked for the commands and the running the scripts.
Also for loading assets I had to use game:GetObjects()
It’s so dumb that plugins have to do this stuff.
