In a localscript? Can’t that be exploited
I’m not sure how can server REPLICATE THE HUMANOID PROPERTIES FROM THE CLIENT… But I’mma test it it might be cool and easier for anti cheats
all my example code avoids using properties or methods that potentially rely on the client for information, and I am fairly certain the client determines the FloorMaterial property because it makes no sense for the server to calculate this information, which is why I opted for using my own raycast in that example. I also specifically stated in a section of my guide that the client controls states, so exploiters can spoof that state to bypass a state check.
that still relies on the client, which means it isn’t reliable at all and can be spoofed by exploiters. My entire guide went over the fact that the client cannot be trusted at all.
All good tips from you but I must imply you try this detection script I found.
Powerful exploit detection, simply just add it into a local script. The creator did get banned for this item so do be castious!
This relies on a client-side check, which can be disabled easily by an exploit. My entire guide goes over the very fact that client-side anti-exploits are close to completely useless. It was also stated by someone in that post that this relies on undocumented client behaviour that can change at any time and immediately break the check, causing it to potentially trigger false positives for every player trying to join your game.
I understand where you’re coming from with the client side disabling part but how can I remove a game’s anti-cheat scripts on the client if my injector can’t successfully execute any code?
Proof
I want to say that this place was made using different people anti-exploit guide and it even has some code develop from your guide but the link that I provided has been the best overall in detection. Even without this script the game still has great security measure from you and other guides and I do thank you for that! 
that video doesn’t prove anything, you showed something that ran obfuscated code so it’s difficult to determine whether or not it works against all script injection, and even for that matter, all it takes is for the developers of the script injectors to create something at their level which prevents this check from working.
EDIT: what I mean by the obfuscated code not proving it works is that since I can’t tell if the obfuscated code makes any attempt to disable the anti-exploit, it cannot be proven that it does actually stop the anti-exploit
Most modernish exploits have autoinject, which I think can inject the exploit before any Luau code runs. Have you tested that?
With Luau going open source, I don’t think its unreasonable that your method will be fixed soon. Exploits just have to start using the Luau rather than Lua.
Great question and what a good point to make!
Well my answer for you is… Yes!
What's words without proof right?
I did test for false positives haven’t gotten any, still working to find any.
But just as stated
Sadly what @Reapimus said is true, but its good to have this code still to show you that you could or may I say could have check for injections.
1 Like
Have you tested a case where the injected code tries to disable the check before it can fire?
1 Like
To be honest I think that would be useless to do as you already mention
And I’ve tested the script with other executor’s and they easily bypass the script and can be removed client sided but still it was a good script. Still you way is the “Proper way” 
Though, the creator can multithread by coroutine.wrap so if the script is deleted, the code still runs
1 Like
I tested this case just now and it seems that this behaviour was either never a thing or it was fixed at some point by Roblox, so this wouldn’t be an option (I tested deleting a script in one case, and disabling it in another).
This is great base system for an anti cheat but, the no clip sends lots of false positives… not sure if I am doing something wrong, had to slightly adjust to not cause errors.
local cast1 = workspace:Raycast(playerState.lastPosition, CFrame.lookAt(playerState.lastPosition, character.PrimaryPart.Position).LookVector, playerRaycastParams)
local cast2 = workspace:Raycast(character.PrimaryPart.Position, CFrame.lookAt(character.PrimaryPart.Position, playerState.lastPosition).LookVector, playerRaycastParams)
if cast1 then
if cast2 then -- if cast1 and cast2 exist
local depth = (cast1.Position - cast2.Position).Magnitude
if depth > THRESHOLD then
print("The player triggered the check!")
end
else -- if cast1 exists, but not cast2
print("The player is likely inside of the object!")
end
end
That’s exactly what os.clock is for. It’s used for high-precision benchmarking. It’s not useful for finding the time but it is more useful and precise than tick() for finding the difference between two times. So this is completely backwards advice.
the noclip check was an example, if you’re getting false positives you should increase the threshold.
It appears only the inside of object is printing, how much between casting should I wait before creating one? What else should I be doing
the cast should be running each physics frame for best results.
Is there a way to possibly help with performance, from my past experiences ray casting like this is commonly causes lots of lag.