I remember a while back that an announcement was posted about it being required by the Roblox rules to disclose the correct statistics for case/crate/random drop openings in your game if they were purchased with the robux currency. This can be found here: Guidelines around users paying for random virtual items
Since this update, I always knew they were reading our code to verify the statistics if they believe we were lying to our players who spent robux. If they suspected it, they could just read the code to verify the correct probability of that crate opening and giving you something, and if it was off, they would apply the correct moderation or ask you to fix it.
I believe that this use case of code moderation is fine, as long as we can be sure keys are encrypted and safe in KeyService, and that the moderators won’t release our methods of effects in games/personal IP. They are just making sure the player doesn’t get scammed because of some bad actor saying that legendary items can be received 99% of the time, and making some kid feel bad because, while he believes he is just ridiculously unlucky and just spent lots of Robux, the developer just set the probability to something like 1%.
This is just one valid example that I would agree with Roblox moderating and deciding as malicious.
Another example would be free models with viruses in them. Search up anything on the toolbox. If it isn’t Roblox verified, chances are, it has a virus script in it that replicates to all other objects in the game and is tedious to remove. I remember my first place is plagued with these because it was all free models, many of which being by regular users who had malicious intent.
I agree with Roblox moderating this even more, 100%! If it’s malicious and on the toolbox for free, any user can view the code. In which, having a support team review your public code would be even safer than a normal user reviewing it, because they are employed by Roblox.
I think these circumstances and scenarios would answer your question of what code could be flagged. Hopefully this helped. Thanks!