Venom [Intercept Malicious Scripts]

Introducing Venom

Bite back against malicious scripts!
Venom is a plugin you can use to safely browse the Toolbox or insert models from other users. This plugin mainly benefits builders and beginner devs, or those wishing to quickly prototype via the Toolbox asset marketplace.

How does it work?

Venom polls the datamodel for newly inserted scripts. When a script is inserted, Venom instantly quarantines it so that it cannot run. This then adds it to the Venom interface, where you can view the script’s contents and manually approve or reject it. Approving the script enables it, and rejecting the script deletes it. Even if the script contains children, rejecting it won’t destroy them! Rejected scripts with children will turn into Folder instances.
Venom also marks suspicious scripts with a yellow border in the Quarantined list. Be aware that this is currently a very naive check for certain function calls and isn’t intended to replace manual checking.

The Interface

  • Use the toggle on the top right to turn Venom’s polling feature on or off.
  • Select a script in the Quarantined list by clicking it.
  • Press the magnifying glass icon to view the selected script.
  • Press the thumbs up icon to approve the selected script.
  • Press the X icon to destroy the selected script (preserving children).
  • Restore All can be used to approve all quarantined scripts.
  • Destroy All can be used to destroy all quarantined scripts.
  • Panic immediately quarantines every single script across your game. Use this sparingly, obviously! :smile:

How to Use

  1. Open Venom using the icon in the Plugins tab
  2. When Venom has a green border and a small Venom icon appears in the bottom right of Studio, Venom is currently active.
  3. Insert something from the Toolbox. Scripts will be caught by Venom!
  4. If you see a script you don’t want, reject it! Otherwise, approve it.
  5. Don’t forget to turn Venom off when you’re making your own scripts!

If you’ve got any feedback, let me know in the comments! Don’t forget to download Venom!

68 Likes
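The quarantine flow described in the post above, sketched as an added example for a Studio plugin context. This is not Venom's source: it reacts to `DescendantAdded` instead of polling, and the `SUSPICIOUS` patterns and all function names are assumptions, since the post does not list which calls Venom flags.

```lua
-- Added illustration for a Roblox Studio plugin; not Venom's own code.
-- Assumed heuristic patterns: the post does not name the calls Venom checks.
local SUSPICIOUS = { "getfenv", "loadstring", "require%s*%(%s*%d+" }
local quarantined = {} -- [script] = { wasEnabled = boolean, hits = { string } }

-- Naive check: return the patterns that appear anywhere in the source text.
local function scan(source)
	local hits = {}
	for _, pattern in ipairs(SUSPICIOUS) do
		if string.find(source, pattern) then
			table.insert(hits, pattern)
		end
	end
	return hits
end

-- Disable a newly inserted Script/LocalScript and remember its prior state.
-- ModuleScripts have no Enabled property, so this sketch does not cover them.
local function quarantine(inst)
	if not inst:IsA("BaseScript") or quarantined[inst] then return end
	local entry = { wasEnabled = inst.Enabled, hits = scan(inst.Source) }
	inst.Enabled = false
	quarantined[inst] = entry
end

-- Approve: restore the state the script had when it was inserted.
local function approve(inst)
	local entry = quarantined[inst]
	if not entry then return end
	quarantined[inst] = nil
	inst.Enabled = entry.wasEnabled
end

-- Reject: delete the script, but keep its children under a Folder of the same name.
local function reject(inst)
	if not quarantined[inst] then return end
	quarantined[inst] = nil
	local children = inst:GetChildren()
	if #children > 0 then
		local folder = Instance.new("Folder")
		folder.Name = inst.Name
		folder.Parent = inst.Parent
		for _, child in ipairs(children) do
			child.Parent = folder
		end
	end
	inst:Destroy()
end

-- pcall guards against instances the plugin is not permitted to inspect.
game.DescendantAdded:Connect(function(inst)
	pcall(quarantine, inst)
end)
```

A non-empty `hits` list only marks an entry for closer reading; the decision to call `approve` or `reject` stays with the person reviewing the source.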

I’ve been working on something like this but I guess you beat me to it! (And your UIs look way better) I was planning on using my recently released sandboxing utility to simulate a live server. Feel free to steal my idea if you want to! :smile:

I was working on some ideas for the sandboxing utility (such as including some plugin-only APIs for sandboxing entire scripts) that would make things a bit easier but it would mostly just be take a script, get its source, and return a sandboxed version of it.

3 Likes

Hey, there are tons of plugins with backdoors, what do you say to skeptics thinking this plugin could do more harm and foul than good?

3 Likes

Sure! This is what my response would be. This plugin is not intended to be an end-all solution to malicious scripts, it’s merely a scanner that catches and allows you to manually approve or reject all incoming scripts into your place.

Venom acts a bit differently from anti-exploit/anti-virus plugins because it doesn’t try to look for and single out potentially malicious scripts, it quarantines all scripts. It’s up to the user to determine if they want to keep the script that just got inserted or reject it. It does offer hints like suspicious functions and character count, but at the end of the day, it’s a human that decides if the script is okay to keep, not an algorithm.

5 Likes

Pushed a minor UI update to change the approve/reject icons to upvote and downvote icons, and reworded “Restore All” to “Approve All” and “Destroy All” to “Reject All”.

Just gave it a little test there, in all honesty you should add an undo button. I used “Reject All” and then once I clicked it, it was irreversible. No confirmation message, etc.

5 Likes

Nice plugin! I especially like the Panic button.

16 Likes