SkillAgentSearch skills...

ExternalResourceLoader

A godot C# plugin which safely loads external resources, mitigating bad actors from arbitrary code execution at runtime.

GenerateConvertImprove

Install / Use

/learn @mdarkwell/ExternalResourceLoader
About this skill

Quality Score

0/100

Supported Platforms

Universal

README

<img src="https://raw.githubusercontent.com/mdarkwell/ExternalResourceLoader/refs/heads/master/icon.png" width=24 height=24 /> ExternalResourceLoader

A godot C# plugin which attempts to safely load external resources, mitigating bad actors from arbitrary code execution at runtime.

⚠️ DISCLAIMER: This plugin does not make any guarantee or assurance that bad actors cannot still arbitrarily execute code. This merely mitigates the issue by scanning external resources for embedded scripts.

🤔 What does this do?

This attempts to scan for code signatures in any external resource loaded by Godot. If a code signature is detected, it will return an empty resource object. Otherwise, it will load the resource as intended.

⚙️ How does it work?

The plugin registers a custom high-priority ResourceFormatLoader which only overloads resource loading when attempting to load an external resource or scene. From there, it scans external resource data for any embedded code within the resource or scene. If it finds a code signature, it will return an empty resource instance rather than the resource.

flowchart

🤔 How do I use it?

Import the add-on, and build the project. Once you build the project, enable the plugin within the project settings.

😯 That's it?

Yep! When the project runs, it will load the ExternalResourceLoader, which automatically overloads ResourceLoader::Load() internally. Whether the resource is loaded at runtime, or from a static reference, as long as it's an external resource, it will scan for embedded code.

🪝 Can I detect when a bad resource is loaded?

Yes! Hook the signal ExternalPluginManager.Instance.ExternalResourceLoaded(string path, bool success) in order to receive a signal callback whenever an external resource fails to load. For example:

public override void _Ready()
{
	ExternalResourceManager.Instance.ExternalResourceLoaded += (path, success) => {
		GD.Print($"External resource {(success ? "failed to load" : "loaded")}: {path}");
	};
}

📋 Todo Checklist

  • [ ] Set up Github Actions for validating PRs and tag releases
  • [ ] Add configurable addon settings
    • [ ] Different modes for when a bad resource is detected
    • [ ] Configurable blocklist for certain resource types
    • [ ] Add the possibility for configurable directory exemptions
  • [ ] Validate Godot 4.2.x+

Related Skills

node-connect

351.2k

Diagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps

frontend-design

110.6k

Create distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.

openai-whisper-api

351.2k

Transcribe audio via OpenAI Audio Transcriptions API (Whisper).

qqbot-media

351.2k

QQBot 富媒体收发能力。使用 <qqmedia> 标签,系统根据文件扩展名自动识别类型(图片/语音/视频/文件)。

mdarkwell

View profile

View on GitHub
GitHub Stars5
CategoryDevelopment
Updated3mo ago
Forks0
mdarkwell/ExternalResourceLoader

Languages

C#

Security Score

82/100

Audited on Dec 28, 2025

No findings