How RblxScript Curates and Verifies Every Tool Submission

Anyone with an account can submit a tool to RblxScript. Not every submission becomes a public listing. This is how we decide.

Step 1: Automated checks

When a submission lands, we run a battery of static checks against the code: known malicious patterns (cookie loggers, remote payload fetchers, obvious obfuscation wrappers), banned URLs, and forbidden keyword combinations. Anything that fails goes into a manual review queue rather than being auto-rejected — false positives are common.

Step 2: Description sanity check

A submission that calls itself an "OP exploit" or names features banned by Roblox's ad-network policies (vote-bots, account-stealing utilities, etc.) is rejected outright. The description has to describe an actual tool that does what it claims.

Step 3: Author check

New authors get extra scrutiny on their first three submissions. Established authors with a history of healthy listings can publish with lighter review. We keep a soft denylist of authors whose previous tools turned out to be malicious — they never get back through, even with a new account, when we can match the patterns.

Step 4: Loader compatibility verification

A moderator runs the tool against at least one of the loaders the author claimed compatibility with, on a clean alt account. If the tool fails to load, the submission is bounced back to the author with the failure log. If it loads but the behavior does not match the description, same outcome.

Step 5: Publish + ongoing watch

Once published, the listing enters our ongoing-watch system. Comments mentioning malicious behavior or sudden patches trigger a re-review. We pull the listing if the author abandons it past 60 days and the comments suggest it is broken or harmful.