Is safe?

VirusTotal / “Trojan” detections

is an external — it reads and writes the memory of another process (Roblox). That’s the same kind of technique security software looks for when detecting trojans and game cheats. So antivirus and VirusTotal often flag it as “trojan” or “hacktool” even though it isn’t malware.

The app does not steal data, log keystrokes, or connect to unknown servers for payloads. It attaches to Roblox and draws an overlay, and it sends minimal activity data to our servers for things like key checks and updates. The flags are false positives due to how the program works, not malicious behavior.

Why does it use PowerShell / Windows Defender?

Because the app uses memory-reading behavior, Windows Defender (and other AV) may quarantine or delete the executable. To avoid that, the app can add only its own folder to Defender’s exclusion list so Defender stops scanning that folder. That’s it — no system-wide change, no “backdoor,” no extra permissions.

It does this by running a single, standard PowerShell command once (and only if the folder isn’t already excluded): Add-MpPreference -ExclusionPath '<app folder>'. You may see a UAC prompt; you can allow it or cancel — the app still runs, but Defender might delete it later if you cancel. No other PowerShell scripts run, and nothing is hidden or obfuscated.

You can add or remove the exclusion yourself anytime in Windows Security → Virus & threat protection → Manage settings → Exclusions.

Summary

• VirusTotal / “trojan” — False positive. The app modifies game memory like any external; that behavior is what gets flagged.
• PowerShell — Used only once to add the app folder to Defender exclusions so the exe isn’t quarantined. No other scripts.
• No malware — No data theft, no remote control, no payloads. The app sends minimal activity data to our servers for key checks and updates; otherwise it’s the Roblox overlay and license flow you see.