You're right it has to do with filtering enabled and some built-in security that Roblox has. If a client (local script) creates a tool, that tool is destroyed pretty quickly if it is equipped. I wasn't aware that parenting it to the backpack also has some security behind it as well.
To understand this, we need to understand what is actually happening behind the scenes. The player's Backpackshares a lot of the same traits with ReplicatedStorage: objects inside only replicate in one direction (from server to client, not client to server). But something else happens with the Backpack: How do you prevent an exploiter from constantly attempting to equip an inappropriate tool? Consider this: exploiter constantly tries to equip an ill-conceived tool; how do you stop this? Use a check on the server to see if the tool exists from its perspective?
Unfortunately, this won't work because the tools are replicated to all other clients immediately. What you'll end up with are flashes of the inappropriate tool...not cool. So Roblox did something good: destroy all tools that are created and then equipped from the client. I don't mean ignore the tool, I truly do mean :Destroy()! I ran into this problem before when I noticed the engine pancaking my tools.
To get around this, just send requests from the client as a remote, verify if the request can be fulfilled/is accurate on the server, then process the request on the server.
Marked as Duplicate by SteelMettle1, matiss112233, nekosiwifi, and DeceptiveCaster
This question has been asked before, and already has an answer. If those answers do not fully address your question, then please ask a new question here.
Why was this question closed?