Trusting Clients With Tools

I’m going to be very brief as I am very busy, but is there a way to at least LIMIT exploiting for my custom tool system.

So to explain, the system involves the server cloning a tool from ServerStorage, and parenting it to the client. This part is likely the only secure part of my whole system.
I also disabled Roblox’s default tool system, and to keep track of which tool is which, I created an Id system.

My problem is that the tool itself is very irrelevant, and the only important data I have on it is its Id, but when the client gets the tool, they’ll get access to the Id anyways, thus removing any sense of security. This is a problem b/c if the client is able to create a tool, and paste an Id into it, they would essentially be able to use it without getting it from the server.

Is there any way to prevent this (sorry for the lousy writing)?

I wouldnt worry much about them getting the tool in their inventory, all I would say is that what ever script handles said tool, make it run via the server (depending on what it is). If the client creates a tool and puts it into themselves the server wont be able to see said tool, so just check if the tool exists.

Hope that makes some sense lol

You can track what tools the Player has on the server and keep any sensitive information (id) server-side only. I don’t see any reason you would need the Player’s client to have access to something that is only used on the Server.