Luma
GitHub

Lua Script Analyzer

Static analysis for Lua scripts. Detect malicious patterns, obfuscation, and security risks without executing code.

Drop your Lua file here

or click to browse

.lua or .txt up to 5MB
Privacy & Security

Your code is safe. Analysis happens entirely in-memory on our servers. Uploaded scripts are never saved to disk or database (unless you explicitly submit to Community). Files are analyzed immediately and discarded after processing. We do not store, share, or retain your private scripts.

What We Detect
Webhook & HTTP Activity

Discord webhooks, HttpGet requests, and external data exfiltration attempts

Remote Code Execution

loadstring calls, bytecode loading, and dynamic code execution chains

Environment Manipulation

getgenv, getfenv, setfenv, and global environment tampering

Bytecode & Encoding

Compiled bytecode detection, base64 encoding, and obfuscation patterns

Obfuscation Patterns

String concatenation, variable name mangling, and anti-analysis techniques

Player Data Access

Attempts to access player information, UserIds, or sensitive game data

Usage Limits & Technical Constraints
  • Maximum file size: 500 KB per script
  • Maximum recursion depth: 10 levels for function calls
  • Rate limiting: 10 scans per minute per IP
  • Link following: External includes are not resolved
  • Large scripts may be truncated if they exceed analysis limits
Discord Bot Integration

Discord Bot: Coming Soon — Scan scripts directly from your Discord server.