Depending on how they were uploaded, workshop entries could hypothetically contain malware. Contextual example: A couple years back, someone was using the Starbound workshop to distribute pirated copies of a paid version of Minecraft which is most certainly not a Starbound mod.

That said, the likelihood of anything malicious being distributed in a self-executable form is low.

Originally posted by Azure Fang:

Depending on how they were uploaded, workshop entries could hypothetically contain malware. Contextual example: A couple years back, someone was using the Starbound workshop to distribute pirated copies of a paid version of Minecraft which is most certainly not a Starbound mod.

That said, the likelihood of anything malicious being distributed in a self-executable form is low.

in the example you given, instead of steam installing the subscribed to items when running the game they hid an exe file in the mod files with cracked minecraft that you had to manually run for it to do something?

also i'm assuming the mods were getting removed quickly and never got to the most subscribed page

In the case of gmod, people can and have used lua to play ads, essentially turning their addon into adware.

I'd just like to point out the amusing irony of this thread being juxtaposed with the thread "Any game to earn cryptocurrency on Steam?".

Originally posted by Lily McFluffy Butt:

In the case of gmod, people can and have used lua to play ads, essentially turning their addon into adware.

damn i heard weird ♥♥♥♥ about gmod and valve games, it seems like its the best idea to join a developer's discord server and ask how they handle mods and what do they allow, for instance i joined the teardown server and one of the developers said that they don't allow DLLs and block external calls so the only thing a mod can do is to cause harm to other mods

Originally posted by pizza:

Originally posted by Azure Fang:

Depending on how they were uploaded, workshop entries could hypothetically contain malware. Contextual example: A couple years back, someone was using the Starbound workshop to distribute pirated copies of a paid version of Minecraft which is most certainly not a Starbound mod.

That said, the likelihood of anything malicious being distributed in a self-executable form is low.

in the example you given, instead of steam installing the subscribed to items when running the game they hid an exe file in the mod files with cracked minecraft that you had to manually run for it to do something?

also i'm assuming the mods were getting removed quickly and never got to the most subscribed page

Actually, in my given example, the pirated game was stored in Starbound's modpak format. Using a tool to unpack the "mod", what users found was the aforementioned Minecraft as well as a folder full of image macros/meme images.

Unless the developers are stupid (see the history of Spacebase DF-9), most mod content will not be able to access or affect anything outside of the game environment, unless the user actively digs into the mod files. Most mods are either packed into inert archives, or dedicated upload tools disallow certain content. However, if the game allows raw SteamCMD uploads and the depot is sparsely configured, or if there's no limiter placed on scrip access, then the risk is there.

historically, it was always the game that handled the workshop files, which allowed malicious behaviour, not the workshop files itself.

No Workshop files don't contain malware or viruses. In theory a workshop mod could contain a clickable link to a 3rd party phishing sites and stuff like that, but in those rare cases it gets reported and dealt with quickly.