xllify

XLL security: what you need to know

XLLs are powerful but come with a trust model worth understanding before you distribute one.

XLLs are native binaries that load directly into Excel’s process. That’s what makes them fast - and it’s also why Windows and Excel treat them with caution. Before you distribute an XLL, it’s worth understanding what that means in practice.

The warnings are real

If you download an XLL from the internet, Windows attaches a Mark of the Web flag to the file. Recent versions of Excel block XLLs with this flag by default. Users need to right-click the file, open Properties, and tick Unblock before Excel will load it. This is a one-time step, but it catches people out.

Without code signing, Windows SmartScreen may also flag the file, and endpoint protection tools at larger organisations can quarantine it entirely. Signing is not strictly required, but it removes most of the friction. You can sign with Azure Trusted Signing or a traditional certificate and signtool.exe. Built-in signing support is on the xllify roadmap.
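As an added example (not part of the xllify docs), the following PowerShell function checks a built XLL for the two conditions described above before you distribute it: whether it carries a Mark of the Web and what its Authenticode signature status is. The function name, the object it returns and the placeholder timestamp URL in the comment are my own; the cmdlets and signtool switches are standard.

```powershell
function Test-XllDistribution {
    # Pre-flight check for an XLL you are about to ship (added example).
    # Reports Mark of the Web and Authenticode status and returns them as an object.
    param(
        [Parameter(Mandatory)] [string] $Path
    )

    $item = Get-Item -LiteralPath $Path -ErrorAction Stop

    # Mark of the Web is stored in the Zone.Identifier alternate data stream.
    # ZoneId 3 = Internet, 4 = Restricted sites. Excel refuses XLLs carrying it.
    $zoneLines = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $zoneId = $zoneLines |
        Where-Object { $_ -match '^ZoneId=(\d+)' } |
        ForEach-Object { [int]$Matches[1] } |
        Select-Object -First 1

    # Authenticode status. 'Valid' means the chain terminates at a root this machine trusts;
    # 'NotSigned' is what triggers SmartScreen prompts for downloaded binaries.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    $result = [pscustomobject]@{
        File            = $item.Name
        MarkOfTheWeb    = [bool]$zoneLines
        ZoneId          = $zoneId
        SignatureStatus = $sig.Status.ToString()
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        Timestamped     = [bool]$sig.TimeStamperCertificate
    }

    if ($result.MarkOfTheWeb) {
        Write-Warning "Mark of the Web present (ZoneId=$zoneId); Excel will block this XLL until it is unblocked."
        Write-Warning "Users can clear it with: Unblock-File -LiteralPath '$Path'"
    }
    if ($result.SignatureStatus -eq 'NotSigned') {
        Write-Warning "Unsigned. Sign before shipping, for example:"
        # Placeholder timestamp URL; substitute your CA's RFC 3161 endpoint.
        Write-Warning "  signtool sign /fd SHA256 /tr https://TIMESTAMP-SERVER.example /td SHA256 /a '$Path'"
    } elseif ($result.SignatureStatus -eq 'Valid' -and -not $result.Timestamped) {
        Write-Warning "Signed but not timestamped: the signature stops validating when the certificate expires."
    }

    return $result
}

# Usage (path is a placeholder):
# Test-XllDistribution -Path 'C:\build\MyAddIn.xll' | Format-List
```

Run it on the exact file you intend to publish, not the local build, since the Zone.Identifier stream is only written when the file arrives via a browser, mail client or similar download path.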

Corporate IT

Many organisations restrict which add-ins can load through Group Policy. If you’re distributing internally, check with IT before you deploy. If you’re distributing externally, make signing and a clear provenance part of your distribution story.

Your function code is sandboxed

The Luau VM that runs your functions has no access to the filesystem, network, registry, or any system resource. Your function code cannot do anything outside its own execution context - that’s enforced by the runtime, not by trusting individual function authors. This is worth communicating to end users who are nervous about loading add-ins.

In practice, then, the trust boundary sits with xllify itself rather than with individual function authors: users are trusting the XLL binary and its runtime, not the Luau code running inside it.

The caveat is that the XLL runtime itself is native C++, so it does not carry the memory-safety guarantees that a runtime written in a memory-safe language such as Rust could claim. Memory-safety bugs in that native code, including in the C++ compiler or standard library it is built with, are theoretically exploitable from within Excel's process, though in practice this class of issue is rare and applies equally to any native software on the machine.

The short version

An XLL built with xllify is no more inherently risky than any other native software. The Luau sandbox means your users are protected from malicious function code; it does not protect against a tampered XLL binary, which is what signing and clear provenance address. The practical friction is around distribution - Mark of the Web, SmartScreen, and corporate policies - and signing removes most of it.
