From rune
Verifies AI-generated imports, API calls, and packages exist in changed code. Uses Grep/Glob to check internal files and manifests like package.json/requirements.txt. Auto-triggers after cook/fix.
Install: `npx claudepluginhub rune-kit/rune --plugin @rune/analytics`

This skill uses the workspace's default tool permissions.
Post-generation validation that verifies AI-generated code references actually exist. Catches the 42% of AI code that contains hallucinated imports, non-existent packages, phantom functions, and incorrect API signatures. Also defends against "slopsquatting" — where attackers register package names that AI commonly hallucinates.
Triggers:

- cook: after code generation, before commit
- fix: after applying fixes
- preflight: as import verification sub-check
- review: during code review

Callers:

- research (L3): verify package existence on npm/pypi
- cook (L1): after code generation, before commit
- fix (L2): after applying fixes
- preflight (L2): import verification sub-check
- review (L2): during code review
- db (L2): verify SQL syntax and ORM method calls are real
- review-intake (L2): verify imports in code submitted for review
- skill-forge (L2): verify imports in newly generated skill code
- adversary (L2): verify APIs/packages in plan actually exist

Step 1: Use Grep to find all import/require/use statements in changed files:
- Grep pattern: `^(import|require|use|from)\s`
- Files: changed files passed as input
- Output mode: content
Collect every imported module name and file path. Separate into:

- Internal: paths starting with `./`, `../`, `@/`, `~/`
- External: everything else (package names)

Step 2: For each internal import path, use Glob to confirm the file exists in the codebase.
- Glob pattern: `<resolved import path>.*` (try `.ts`, `.tsx`, `.js`, `.jsx`, `.py`, `.rs`, etc.)
- If Glob returns no results → mark as BLOCK (file does not exist).

Also use Grep to verify that the specific exported name (function/class/const) exists in the resolved file:

- Grep pattern: `export (function|class|const|default) <name>`
- File: resolved file path
- If export not found → mark as WARN (symbol may not be exported).
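A runnable version of the Step 2 checks, added here as an example and not the skill's own code: it resolves an internal specifier through an alias map and the extension list above, then greps the resolved file with the same `export (function|class|const|default) <name>` pattern. The `@/` and `~/` → `src` mapping and the `src/hooks/useAuth.ts` fixture are assumptions constructed for the example.

```python
import os
import re
import tempfile
from typing import Dict, Optional, Tuple

EXTENSIONS = (".ts", ".tsx", ".js", ".jsx", ".py", ".rs")   # the Glob suffix list from Step 2
# Assumed alias mapping; a real project would read it from tsconfig "paths" or the bundler config.
ALIASES = {"@/": "src", "~/": "src"}


def resolve_internal(root: str, spec: str, aliases: Dict[str, str], importer_dir: str = "") -> Optional[str]:
    """Glob step: map an import specifier to an existing source file, or None if nothing matches."""
    for alias, target in aliases.items():
        if spec.startswith(alias):                    # '@/hooks/useAuth' -> <root>/src/hooks/useAuth
            base = os.path.join(root, target, spec[len(alias):])
            break
    else:                                             # './x' or '../x': relative to the importing file
        base = os.path.normpath(os.path.join(root, importer_dir, spec))
    for ext in EXTENSIONS:
        if os.path.isfile(base + ext):
            return base + ext
    return None


def exports_symbol(path: str, name: str) -> bool:
    """Grep step. Like the skill's pattern, `export { name }` re-exports are not matched and end up as WARN."""
    pattern = re.compile(r"\bexport\s+(?:function|class|const|default)\s+" + re.escape(name) + r"\b")
    with open(path, encoding="utf-8") as fh:
        return any(pattern.search(line) for line in fh)


def check_internal_import(root: str, spec: str, name: str, aliases: Dict[str, str],
                          importer_dir: str = "") -> Tuple[str, str]:
    """Verdict for one internal import: BLOCK (no file), WARN (no export), PASS."""
    path = resolve_internal(root, spec, aliases, importer_dir)
    if path is None:
        return "BLOCK", f"File '{spec}' does not exist"
    rel = os.path.relpath(path, root)
    if not exports_symbol(path, name):
        return "WARN", f"Symbol '{name}' not found in exports of {rel}"
    return "PASS", f"'{name}' exported from {rel}"


def build_sample_repo() -> str:
    """Constructed fixture (not a real project): src/hooks/useAuth.ts exporting only useAuth."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "src", "hooks"))
    with open(os.path.join(root, "src", "hooks", "useAuth.ts"), "w", encoding="utf-8") as fh:
        fh.write("export function useAuth() { return null; }\n")
    return root
```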
From taste-skill (Leonxlnx/taste-skill, 3.4k★): "Before importing ANY 3rd party lib, check package.json."
Step 3: Use Read on the project's dependency manifest to confirm each external package is listed:

- package.json → check `dependencies` and `devDependencies`
- requirements.txt or pyproject.toml → `[project.dependencies]` and `[project.optional-dependencies]`
- Cargo.toml → `[dependencies]` and `[dev-dependencies]`

Pre-import gate (BEFORE writing import statements, not just after):
```text
⚠ Package '<name>' not in dependencies. Install first:
  npm install <name>   # JS/TS
  pip install <name>   # Python
  cargo add <name>     # Rust
```
Post-import verification (after code is written):
Also check for typosquatting: if package name has edit distance ≤ 2 from a known popular package (axios/axois, lodash/lodahs, react/recat), mark as SUSPICIOUS.
Step 3.5 (HARD-GATE): For each NEW external package (present in manifest but absent from lockfile):

3.5a. Registry existence check (Bash):

- JavaScript: `npm view <package-name> version 2>/dev/null`
- Python: `pip index versions <package-name> 2>/dev/null`
- Rust: `cargo search <package-name> --limit 1 2>/dev/null`

If the command returns empty/error → BLOCK (package does not exist on the registry; likely a hallucinated name).

3.5b. Popularity check (slopsquatting defense):

- JavaScript: `npm view <package-name> 'dist-tags.latest' 'time.modified' 2>/dev/null`
  → If last modified > 2 years ago AND weekly downloads < 100: SUSPICIOUS
- Python: use rune:research to check the PyPI page for download stats

Low-popularity packages with names similar to popular ones = SUSPICIOUS (potential slopsquatting attack).
3.5c. Known slopsquatting patterns:

| Popular Package | Common AI Hallucination |
|---|---|
| axios | axois, axio, axioss |
| lodash | lodahs, loadash, lo-dash |
| express | expresss, express-js |
| react-router | react-routes, react-routing |
| python-dotenv | dotenv (wrong package in Python context) |

Flag any match with edit distance ≤ 2 from these known pairs.
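Added example, not part of the rune skill: the Step 1 import scan, the Step 3 manifest check and the 3.5c name check in one script, with Levenshtein distance implementing the `≤ 2` rule and the table above as exact-match pairs. The sample diff and `package.json` dependencies are constructed; the python-dotenv row is left out because `dotenv` is a legitimate npm package and is only wrong in a Python file, which needs language context rather than a name check.

```python
import re
from typing import Dict, Tuple

# Popular packages and the hallucinated names from the 3.5c table (python-dotenv/dotenv omitted:
# `dotenv` is a real npm package, so that row is only a finding in Python context).
POPULAR = ["axios", "lodash", "express", "react", "react-router"]
KNOWN_HALLUCINATIONS = {"axois": "axios", "axio": "axios", "axioss": "axios", "lodahs": "lodash",
                        "loadash": "lodash", "lo-dash": "lodash", "expresss": "express",
                        "express-js": "express", "react-routes": "react-router", "react-routing": "react-router"}
# JS/TS `import x from 'spec'` / `require('spec')`, and Python `from spec import` / `import spec`.
JS_SPEC = re.compile(r"""(?:from\s+|require\()\s*['"]([^'"]+)['"]""")
PY_SPEC = re.compile(r"^\s*(?:from|import)\s+(\.*\w+)")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (two-row dynamic programming); a swapped letter pair costs 2."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(spec: str, manifest_deps: Dict[str, str]) -> Tuple[str, str]:
    """Verdict for one external import. SUSPICIOUS is decided before the manifest lookup because
    the remedy differs: correct the name, do not install (or keep) the look-alike."""
    # 'lodash/fp' -> lodash, '@scope/pkg/sub' -> @scope/pkg; a Python spec is already one segment.
    name = "/".join(spec.split("/")[:2]) if spec.startswith("@") else spec.split("/")[0]
    near = KNOWN_HALLUCINATIONS.get(name) or next(
        (p for p in POPULAR if name != p and edit_distance(name, p) <= 2), None)
    if near:
        return "SUSPICIOUS", f"'{name}' is similar to popular package '{near}'"
    if name not in manifest_deps:
        return "BLOCK", f"'{name}' not in dependencies"
    return "PASS", f"'{name}' listed as {manifest_deps[name]}"

def audit(source: str, manifest_deps: Dict[str, str]) -> Dict[str, Tuple[str, str]]:
    """Step 1 Grep plus the Step 3 / 3.5c checks over one changed file's text."""
    specs = [m.group(1) for line in source.splitlines()
             for m in [JS_SPEC.search(line) or PY_SPEC.match(line)] if m]
    # './', '../' and Python relative imports start with '.'; '@/' and '~/' are path aliases (Step 2).
    return {s: classify(s, manifest_deps) for s in specs if not s.startswith((".", "@/", "~/"))}

# Constructed sample: a typo'd name, a phantom package, an alias (internal) import and a real dep.
SAMPLE_DIFF = """import axios from 'axois'
import { formatDate } from 'date-utils'
import { useAuth } from '@/hooks/useAuth'
import React from 'react'
"""
SAMPLE_MANIFEST = {"react": "^18.2.0", "axios": "^1.6.0"}
```

Running `audit(SAMPLE_DIFF, SAMPLE_MANIFEST)` yields the three verdicts shown in the report template below (SUSPICIOUS for `axois`, BLOCK for `date-utils`, PASS for `react`), with the `@/` import left to the Step 2 check.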
For any API endpoint or SDK method call found in the diff, use rune:docs-seeker (Context7) to confirm:
Mark unverifiable API calls as WARN (cannot confirm without docs).
Emit the report in the Output Format below. If any BLOCK items exist, return status BLOCK to the calling skill to halt commit/deploy.
Reference types checked:

- INTERNAL — file exists, function/class exists, signature matches
- EXTERNAL — package exists on registry, version is valid
- API — endpoint pattern valid, method correct
- TYPE — assertion matches actual type
- SUSPICIOUS — package name similar to popular package (slopsquatting)
## Hallucination Guard Report
- **Status**: PASS | WARN | BLOCK
- **References Checked**: [count]
- **Verified**: [count] | **Unverified**: [count] | **Suspicious**: [count]
### BLOCK (hallucination detected)
- `import { formatDate } from 'date-utils'` — Package 'date-utils' not found on npm. Did you mean 'date-fns'?
- `import { useAuth } from '@/hooks/useAuth'` — File '@/hooks/useAuth' does not exist
### WARN (verify manually)
- `import { newFunction } from 'popular-lib'` — Function 'newFunction' not found in popular-lib@3.2.0 exports
### SUSPICIOUS (potential slopsquatting)
- `import axios from 'axois'` — Typo? Similar to popular package 'axios'
### Verified
- 12/15 references verified successfully
Known failure modes for this skill. Check these before declaring done.
| Failure Mode | Severity | Mitigation |
|---|---|---|
| Declaring "no hallucinations found" without listing what was checked | CRITICAL | Constraint 4 blocks this — always list verified count vs total |
| Marking phantom package (not in manifest) as WARN instead of BLOCK | HIGH | Unlisted package in manifest = BLOCK — not installed = won't run |
| Missing typosquatting check on external packages | MEDIUM | Edit distance ≤2 check is mandatory — check every external package name |
| Only checking package name, not the specific exported symbol | MEDIUM | Step 2: verify the specific function/class is exported, not just the file exists |
| Skipping registry verification for new packages | CRITICAL | Step 3.5 HARD-GATE: new packages MUST be verified against actual registry |
| AI-hallucinated package name passes because it "sounds right" | HIGH | Slopsquatting defense: check registry existence, not name plausibility |
| Low-popularity package with similar name to popular one not flagged | HIGH | Popularity check catches slopsquatting attacks on newly registered packages |
~500-1500 tokens input, ~200-500 tokens output. Haiku for speed — this runs frequently as a sub-check.