Suggestions for future features in the site #1

Open
KahpotVanilla opened this issue Jun 5, 2022 · 2 comments

@KahpotVanilla

KahpotVanilla commented Jun 5, 2022

First of all, this is the first time I've seen this kind of website; second of all, this is crazy and it will save people from malicious plugins.
Now, for the suggestions:

  1. Make a Discord server regarding the site; people can post issues there much quicker than on GitHub. Also keep the issues on GitHub, ofc.

  2. Add to the .jar file scanner a feature to find whether this is a NULLED or NON-NULLED plugin. (Most NULL plugins come from leak sites such as DirectLeaks, GhostLeaks, BlackSpigot, etc.)
    Also, check where this plugin was downloaded first, so people can be aware of it.

  3. Make the scanner clearer for people who don't understand how the .jar of a plugin works; it can be so helpful.

@Rikonardo
Owner

  1. Great idea! I made a Discord server; the link is in the readme and on the website now.
  2. I'll think about it. The problem is that it is technically impossible to determine from which site the plugin was downloaded. I've heard that some plugin leak sites add their copyright to the plugin.yml file, but I've never seen this myself.
  3. The problem is that it is impossible to automatically determine whether a suspicious piece of code is malicious or serves a perfectly legitimate purpose. For example, PluginScan generates false positives for many legitimate libraries, such as the Kotlin runtime, and there is nothing I can do about it.
    Without at least minimal knowledge of Java, it will be almost impossible for a user to determine if this plugin poses a threat. Now I am considering adding hints to each report on the site, which will describe in detail the possible threat, as well as possible cases of false positives. This should make the tool a little easier to use. But still, I rather position PluginScan as a tool for advanced administrators to facilitate lengthy manual checks of plugins.

@JasperTheMinecraftDev

> 1. Great idea! I made a Discord server; the link is in the readme and on the website now.
> 2. I'll think about it. The problem is that it is technically impossible to determine from which site the plugin was downloaded. I've heard that some plugin leak sites add their copyright to the plugin.yml file, but I've never seen this myself.
> 3. The problem is that it is impossible to automatically determine whether a suspicious piece of code is malicious or serves a perfectly legitimate purpose. For example, PluginScan generates false positives for many legitimate libraries, such as the Kotlin runtime, and there is nothing I can do about it.
>    Without at least minimal knowledge of Java, it will be almost impossible for a user to determine if this plugin poses a threat. Now I am considering adding hints to each report on the site, which will describe in detail the possible threat, as well as possible cases of false positives. This should make the tool a little easier to use. But still, I rather position PluginScan as a tool for advanced administrators to facilitate lengthy manual checks of plugins.

They inject their name in the main class of the jars.
For example, SpigotUnlocked's is:
System.out.println("\033[36m[Spigotunlocked.org] - COSMO");
Recommend just checking if spigotunlocked, blackspigot or directleaks can be found in the main class (case insensitive).
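
The check suggested in the comment above, sketched in Python as an added example (not PluginScan's code and not code from any commenter): it reads the `main:` key from plugin.yml, then searches the main class and plugin.yml for the three site names, case-insensitively. The function names and the sample jar are constructed for illustration.

```python
import io
import re
import zipfile

# Marker names taken from the thread; matching is case-insensitive.
LEAK_MARKERS = ("spigotunlocked", "blackspigot", "directleaks")


def main_class_entry(plugin_yml: str):
    """Return the jar entry path of the class named by plugin.yml's `main:` key."""
    m = re.search(r"^main:[ \t]*['\"]?([\w.$]+)", plugin_yml, re.MULTILINE)
    return m.group(1).replace(".", "/") + ".class" if m else None


def find_leak_markers(jar_bytes: bytes) -> dict:
    """Map each inspected jar entry to the leak-site markers found in it."""
    hits = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = set(jar.namelist())
        if "plugin.yml" not in names:
            return hits
        yml = jar.read("plugin.yml")
        targets = {"plugin.yml": yml}
        entry = main_class_entry(yml.decode("utf-8", "replace"))
        if entry in names:
            targets[entry] = jar.read(entry)
        for name, data in targets.items():
            # ASCII string constants sit unencoded in the class constant pool,
            # so a lowercase byte search is enough for these markers.
            lowered = data.lower()
            found = [m for m in LEAK_MARKERS if m.encode() in lowered]
            if found:
                hits[name] = found
    return hits


def build_sample_jar(class_bytes: bytes) -> bytes:
    """Constructed test input: a minimal jar with plugin.yml and a main class."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("plugin.yml", "name: Demo\nmain: com.example.Demo\nversion: 1.0\n")
        jar.writestr("com/example/Demo.class", class_bytes)
    return buf.getvalue()


if __name__ == "__main__":
    # Stand-in bytes for a class file holding the banner string quoted above.
    tagged = b"\xca\xfe\xba\xbe" + b"\x1b[36m[Spigotunlocked.org] - COSMO"
    print(find_leak_markers(build_sample_jar(tagged)))
```

A hit only shows that the marker string is present in the inspected entry; a jar whose strings are encrypted by an obfuscator, or whose banner was stripped, produces no hit, so an empty result says nothing about where the jar came from.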
