By this I mean I am gonna make a event called for example “GiveSwordEvent” but I’m gonna do if you don’t have the sword you get kicked if some people think you can exploit it. Would this be a bad idea or should I do it just incase some people fall for it?
Its not a bad idea because it wont fire unless someone fires it so it wont affect anyone else if you make it right
Well people could straight up read local scripts so they could probably find out it was a fake event.
if you fire a remote event it goes to the server so they cant read it or delete it
No. Because when you equip the sword the event fires, thing is if you don’t have it and the event fires your kicked. Of course I’ll do a local check to see if you have the sword to trick them because inoocent people won’t get through a local check.
That’s if they understand scripting. A large majority don’t, they use other peoples code.
Perhaps they have a really basic understanding and will try to fire all remotes or something.
If they disable it, so be it. However, from my experience a lot fall for it.
I don’t outright ban them though, I just flag their account and then I adjust the game to have negative affects targetting them. Like them taking more damage, having less health, walking slower, not jumping as high, random deaths, bullets only firing on their side, animations being slower. It’s nice to have fun with them every now and then 
They can delete the client code, and they can delete the remote from their client. Then, no scripts will receive or send information from it anymore. It won’t affect other players, but all LocalScripts, and all client instances can be modified by exploiters. They can disable any client-sided anti-exploit.
You can always create an event with an enticing name, like “AntiExploit”, and make it so when they delete it on their client they are banned.
You can do this by sending a message to the client, and then the client sends a message back. Do this every 5 seconds or whatever.
If the server goes 30 seconds without getting a message from the client (compensate for people with bad internet), kick/ban them.
People can always create a new account and would then know not to delete that anymore, but it’s an option.
Nothing on the client will ever be safe from removal. Try to focus your anti-exploit on the server. It’s not bad to include a few client-side measures, just don’t ever rely on them.
That’s hilarious! Thank you for the fun ideas 