There is a tried and true method to stopping most (not all) exploiters, and it’s been done for as long as you were a kid. If anything it existed for far longer than Wave did.
Want to take a gander?
It’s sanity checks. Insane, right?
Man, you could’ve just found this solution within the API docs yourself…
You can try to block them, but it will always be cat and mouse chase game. If you want solid protection from exploiters, you will need to verify states of your game on the server (e.g., player characters will need to be server authoritative, and so on).