I have seen an exploiter spawn a gun that is not in my game and it showed they had the weapon on the server. They also spawned a zombie
Can exploiters take tools that aren’t in a game and put it into their backpack?
What would the anti cheat script for this look like?
You probably have a backdoor from a free model. Or you have a remote event which adds the tools without a if statement
I have a script which clones a tool from replicated storage but that tool was not the weapon the exploiter used.
You have a backdoor in your game. Please use my guide to remove said backdoor.
Could they edit the scripts inside the tool?
Scripts are not at all modifiable nor readable by the client. Either you have a backdoor in your game or your game is just lacking in security for remoteevents.