Verified / Safe Scripts

This page explains what "verified" Luarmor scripts are. This feature is optional, and you do not have to opt-in as a script developer.

For script developers:

Verified scripts require manual approval by Luarmor owner. Source code will be reviewed by owner and deleted from our systems after obfuscation.

Your data will be anonymized and reviewer will not see who submitted the script.

This will ensure that script does not contain any malware or potentially dangerous code (e.g stealers, rats, ip loggers, reflective code loaders etc..)

Once you enable Verified mode, you can not turn it off due to safety reasons.

(e.g if your Luarmor account gets hacked, bad actors will not be able to replace your already existing script to a malicious one without approval)

Rules & Limitations:

You will not be able to use certain functions and APIs in your code to ensure 100% safety of your users. Using these functions will result in rejection of your script update request. It will not count from obfuscation.

  • Making Requests to Unknown External URLs: E.g, or any other site that could be used to obtain information about client is not allowed.

  • Sending Sensitive User Information to Webhooks / URLs: You are not allowed to send IP addresses / cookies of your users to webhooks or other URLs. You can still send other stuff like in-game stats, usernames etc. as long as they are not sensitive.

  • Code Loading: You will not be able to use loadstring or any similar mechanism (e.g a lua VM, require) with external & unpredictable sources like pastebin, github, or any other URL. Keep in mind that you can still use these functions if you are loading the code from a local source (e.g readfile, in-game modules) or a string that's hard coded in your script. In some cases, public & known libraries will be allowed through URLs.

  • Creating & Writing Files: You are allowed to write or create files as long as their content is not retrieved from an external & unpredictable source. Also file content must not be malicious or remotely changeable.

  • Potentially Malicious Code: You are not allowed to abuse vulnerabilities within the platform to gain unauthorized access to outside of Luau sandbox. (e.g ACE/RCEs, PC username grabbers, Browser URL openers, RATs, Token loggers etc..)

  • Stealers: Pet stealers, gem stealers, auto traders, robux stealers, cookie stealers etc. are not allowed in Verified scripts.

  • Obfuscated Behavior: If your script contains obfuscated or unpredictable code (e.g accessing functions through runtime-generated names via getfenv, _G, getrenv or similar environment functions/tables, obfuscated code, encrypted strings) your submission will be rejected.

New rules / limitations can be added anytime without notification. Existing rules will not be removed.

Verification process usually takes less than 30 minutes depending on queue size and availability of the admin. In some cases, it might take up to 12-24 hours due to timezone differences or other reasons.

You can check how long it will take on dashboard while creating/editing a script.

Your raw script will be seen by only one person (Federal) and will not be shared. It will be automatically deleted as soon as it is reviewed.

Your data will be anonymized and reviewer will not see who submitted the script.

For script users:

If a script is "verified", it means it has been reviewed by a human before publishing, and does not contain malicious code.

Keep in mind that verified scripts do not guarantee quality, we do not test the script in game. We only check it for malwares or loggers. Once they are confirmed to be free of malware, they get published.

How to check if a script is actually Verified?

You can check if a script is verified through our Script Checker page.

Copy and paste the script ID into search bar and you will see certain security features of the script if it has been verified.

You can also check if loader URL has "/verified/" in it. If you see it, it means that script is a legitimate loader verified by Luarmor. If you don't see it, you can still lookup its ID on check page just to make sure.

It is your responsibility to make sure that your loader & script IDs are legitimate. Check the domain ( before proceeding. External loader sources (,, or custom URLs) might contain other scripts.

Last updated