Modding Support and Security

Godot Version



So I want to add modding support to my game via loading user-provided PCK files (Godot itself would serve as the editor), but I am worried about security implications and users trying to push malicious mods.

  1. Is there a way to prevent code loaded via a PCK mod from utilizing any “dangerous” modules such as OS, while allowing my game use it (in other words, compiling without these modules is not an option)

  2. Failing that, is there a way to disable any code loaded from a PCK mod from running altogether and if some script is referenced game’s internal version of that script would be used instead? I’d love to support custom code as that would greatly enhance modding potential, but if 1) isn’t possible, then I would like to block custom code altogether for security reasons.