Publishing to the Anomaly catalogue
This guide walks you through publishing a mod to mods.anomalylabs.io — the authoritative SCP:SL mod source used by the Anomaly Launcher.
Every mod in the catalogue is manifest-validated, ClamAV-scanned, and served through a sandboxed install flow. Reports trigger a deeper VirusTotal pass and pull the release from the public catalogue until an admin clears it.
The manifest
{
"id": "utility.roundreports", // slug, lowercase
"version": "2.3.0", // strict semver
"gameVersions": ["14.2.6", "14.3.0"], // exact versions, no ranges
"name": "RoundReports", // optional override
"description": "Per-round stats export.",
"files": {
"mods": ["RoundReports.dll"],
"userLibs": ["SharedDep.dll"],
"userData": ["RoundReports/config.json"],
"labApiPlugin": ["RoundReports.Server.dll"]
},
"dependencies": [
{ "id": "utility.queueskip", "version": "^1.0.0" }
],
"tags": ["utility", "stats"],
"changelog": "Fix NRE in serializer."
} File targets
DLLs MelonLoader auto-loads at startup.
Shared dependencies — dedup-friendly.
Configs, assets, anything not loaded as a mod.
Server-side LabAPI plugin DLL — surfaced as the Server Pack download.
Scan + approval
Each new file blob goes through ClamAV. Per-file results combine into a per-release state machine:
- any file MALICIOUS → release REJECTED
- any file still PENDING → release stays PENDING
- any file SUSPICIOUS or ERROR → release moves to REVIEW
- all files CLEAN → release auto-publishes as APPROVED
ClamAV is signature-based — it catches known malware but not novel attacks. Reports from players trigger a deeper VirusTotal pass and instantly de-list the release until an admin clears it.