When to Load

Load this skill when designing security systems, auditing code for vulnerabilities, or hardening a Roblox game against exploit vectors. Covers movement hacks, remote abuse, economy attacks, DataStore exploits, and server-authority patterns.

Quick Reference

Core: Client is always compromised. Server = only source of truth.

Vectors & Mitigations

Vector	Attack	Fix
Movement	Speed/teleport/fly/noclip	Server velocity+pos checks per Heartbeat
Remote	Spam, arg spoof, replay	Rate limiter + validate arg types + idempotency
Economy	Dupe, negative qty	Session lock, atomic ops, qty > 0
DataStore	Save spam, session hijack	Server-controlled saves, JobId session lock
General	Client trusts values	Server computes ALL game state

roblox-security

When to Load

Quick Reference

Vectors & Mitigations

Key Patterns