I believe they ought to be given much more muting power, but if it's abused, they should be perm banned. There has already been plenty of OSRS gold cases of pmod energy abuse, together with fewer mods and less power.
Im not a pro, but what should you need every customer to send out a token. Jagex approves customers they believe are in accord with the tos. Every day the token varies according to an RSA algorithm and every developer gets a different key. This way you can monitor if unexpectedly another client uses the exact same token constantly the key has been leaked and you revoke their permissions. Should maintain the bot clients offline.
Wouldnt the simplest method just be to approach runelite devs and make a deal with them instead of spending 100s of hours improving your own? Everyone employs runelite and the only reason some dont is because they dont understand about it.
Most new players invest nearly no time in the GE. My partner just started playing and she did not even see a single spam bot until like 3 days in. And the majority of these scam bots are targeting high level players with dumb brain or pot brain. "Omg I will sell my tbow to best old school runescape gold site this guy for 20 percent over market price directly alongside the automatic market he could only purchase it from" rather dumb.