Stats
Actions
Tags
From rune
Verifies AI-generated imports, API calls, and packages exist. Checks internal files via glob/grep and external deps in package.json/requirements.txt/pyproject.toml. Auto-triggers after fix/cook.
How this skill is triggered — by the user, by Claude, or both
Slash command
/rune:hallucination-guardThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Post-generation validation that verifies AI-generated code references actually exist. Catches the 42% of AI code that contains hallucinated imports, non-existent packages, phantom functions, and incorrect API signatures. Also defends against "slopsquatting" — where attackers register package names that AI commonly hallucinates.
Post-generation validation that verifies AI-generated code references actually exist. Catches the 42% of AI code that contains hallucinated imports, non-existent packages, phantom functions, and incorrect API signatures. Also defends against "slopsquatting" — where attackers register package names that AI commonly hallucinates.
cook after code generation, before commitfix after applying fixespreflight as import verification sub-checkreview during code reviewresearch (L3): verify package existence on npm/pypicook (L1): after code generation, before commitfix (L2): after applying fixespreflight (L2): import verification sub-checkreview (L2): during code reviewdb (L2): verify SQL syntax and ORM method calls are realreview-intake (L2): verify imports in code submitted for reviewskill-forge (L2): verify imports in newly generated skill codeadversary (L2): verify APIs/packages in plan actually existUse Grep to find all import/require/use statements in changed files:
Grep pattern: ^(import|require|use|from)\s
Files: changed files passed as input
Output mode: content
Collect every imported module name and file path. Separate into:
./, ../, @/, ~/)For each internal import path, use Glob to confirm the file exists in the codebase.
Glob pattern: <resolved import path>.* (try .ts, .tsx, .js, .jsx, .py, .rs etc.)
If Glob returns no results → mark as BLOCK (file does not exist).
Also use Grep to verify that the specific exported name (function/class/const) exists in the resolved file:
Grep pattern: export (function|class|const|default) <name>
File: resolved file path
If export not found → mark as WARN (symbol may not be exported).
From taste-skill (Leonxlnx/taste-skill, 3.4k★): "Before importing ANY 3rd party lib, check package.json."
Use Read on the project's dependency manifest to confirm each external package is listed:
package.json → check dependencies and devDependenciesrequirements.txt or pyproject.toml → [project.dependencies] and [project.optional-dependencies]Cargo.toml → [dependencies] and [dev-dependencies]Pre-import gate (BEFORE writing import statements, not just after):
⚠ Package '<name>' not in dependencies. Install first:
npm install <name> # JS/TS
pip install <name> # Python
cargo add <name> # Rust
Post-import verification (after code is written):
Also check for typosquatting: if package name has edit distance ≤ 2 from a known popular package (axios/axois, lodash/lodahs, react/recat), mark as SUSPICIOUS.
For each NEW external package (present in manifest but absent from lockfile):
3.5a. Registry existence check:
JavaScript: Bash: npm view <package-name> version 2>/dev/null
Python: Bash: pip index versions <package-name> 2>/dev/null
Rust: Bash: cargo search <package-name> --limit 1 2>/dev/null
If command returns empty/error → BLOCK (package does not exist on registry — likely hallucinated name).
3.5b. Popularity check (slopsquatting defense):
JavaScript: Bash: npm view <package-name> 'dist-tags.latest' 'time.modified' 2>/dev/null
→ If last modified > 2 years ago AND weekly downloads < 100: SUSPICIOUS
Python: Use rune:research to check PyPI page for download stats
Low-popularity packages with names similar to popular ones = SUSPICIOUS (potential slopsquatting attack).
3.5c. Known slopsquatting patterns:
Popular Package → Common AI Hallucination
axios → axois, axio, axioss
lodash → lodahs, loadash, lo-dash
express → expresss, express-js
react-router → react-routes, react-routing
python-dotenv → dotenv (wrong package in Python context)
Flag any match with edit distance ≤ 2 from these known pairs.
For any API endpoint or SDK method call found in the diff, use rune:docs-seeker (Context7) to confirm:
Mark unverifiable API calls as WARN (cannot confirm without docs).
Emit the report in the Output Format below. If any BLOCK items exist, return status BLOCK to the calling skill to halt commit/deploy.
INTERNAL — file exists, function/class exists, signature matches
EXTERNAL — package exists on registry, version is valid
API — endpoint pattern valid, method correct
TYPE — assertion matches actual type
SUSPICIOUS — package name similar to popular package (slopsquatting)
## Hallucination Guard Report
- **Status**: PASS | WARN | BLOCK
- **References Checked**: [count]
- **Verified**: [count] | **Unverified**: [count] | **Suspicious**: [count]
### BLOCK (hallucination detected)
- `import { formatDate } from 'date-utils'` — Package 'date-utils' not found on npm. Did you mean 'date-fns'?
- `import { useAuth } from '@/hooks/useAuth'` — File '@/hooks/useAuth' does not exist
### WARN (verify manually)
- `import { newFunction } from 'popular-lib'` — Function 'newFunction' not found in [email protected] exports
### SUSPICIOUS (potential slopsquatting)
- `import axios from 'axois'` — Typo? Similar to popular package 'axios'
### Verified
- 12/15 references verified successfully
Known failure modes for this skill. Check these before declaring done.
| Failure Mode | Severity | Mitigation |
|---|---|---|
| Declaring "no hallucinations found" without listing what was checked | CRITICAL | Constraint 4 blocks this — always list verified count vs total |
| Marking phantom package (not in manifest) as WARN instead of BLOCK | HIGH | Unlisted package in manifest = BLOCK — not installed = won't run |
| Missing typosquatting check on external packages | MEDIUM | Edit distance ≤2 check is mandatory — check every external package name |
| Only checking package name, not the specific exported symbol | MEDIUM | Step 2: verify the specific function/class is exported, not just the file exists |
| Skipping registry verification for new packages | CRITICAL | Step 3.5 HARD-GATE: new packages MUST be verified against actual registry |
| AI-hallucinated package name passes because it "sounds right" | HIGH | Slopsquatting defense: check registry existence, not name plausibility |
| Low-popularity package with similar name to popular one not flagged | HIGH | Popularity check catches slopsquatting attacks on newly registered packages |
~500-1500 tokens input, ~200-500 tokens output. Haiku for speed — this runs frequently as a sub-check.
npx claudepluginhub rune-kit/rune --plugin @rune/analyticsBlocks unsafe code before commit with secret scanning, OWASP Top 10 detection, dependency audits (npm/pip/cargo), and permission checks. Hard security gate on critical findings.
Enforces quality and security in all AI-generated code: verifies packages, blocks insecure patterns, eliminates placeholders, ensures runnable and readable output.
Vets AI agent skills, prompts, and instructions for typosquatting, dangerous permissions, prompt injection, supply chain risks, and data exfiltration before deployment.