Show HN: AISlop, a CLI for catching AI generated code smells

Posted by Heavykenny 1 hour ago

Show HN: AISlop, a CLI for catching AI generated code smells(github.com)

Hi, I’m Kenny, I’ve been building aislop. I starting working on this after using Claude Code, codex and opencode several times and noticing some slops. They aren’t syntax and passes most tests, they are patterns like empty catch blocks, useless comments, duplicated helpers, dead code and many more. So I built a tool to scan and check for these patterns and wired it into hooks so after each tool call, the agent checks for the slops.

You can try it out with npx aislop scan.

It’s all local and no code is transferred. Thank you.

61 points | 51 comments

ronbenton 53 minutes ago|

Petition to rename this “SlopCop”

gregman1 41 minutes ago||

Sold!

Heavykenny 35 minutes ago||

nice one

cityofdelusion 28 minutes ago||

I’m eager to test this out. I have agent instructions to try to limit the worst of this already, but patterns still sneak through. I have a review agent run after every single edit looking for all of the following if you need more ideas for checks:

- DRY principle violations, multiple definitions of the same helpers or utilities.

- Changes that deviate from existing patterns and architecture already in the code, especially in nearby and related code

- Comments that add no context or simply restate the field name.

- Naming violations (enterprise factoryfactoryabstraction stuff, excessively long names, overly technical names, banned words like “seam”, “durable”, and no-value-qualifiers like “SaveGame” -> “Save”).

- Tests that check implementations instead of correct business behavior.

- Overly backwards-compatible unless asked for (this one is incredibly hard to keep under control, as AI loves to guard everything even if the previous code was never deployed and thus there is no contract break)

- Un-necessary guard code (this is hard to control, most common case is the AI not relying on the serializer error handler and instead adding guards that the library already handles)

- Changing public API contracts without express permission to do so (depends on the code, eg a library JAR or versioned REST service)

- Meta references to previous code versions, to tasks or todos, or to instructions and other non-code context (e.g you tell the AI the adder should ignore negative numbers and that meta fact enters the comments or code)

I usually hand review all changes myself but it’s incredibly tedious so I try to first pass with the review agent until it comes back clean. I hate wasting tokens on it though.

smj-edison 23 minutes ago|

Oh my gosh, the guard code drives me crazy. In try so hard to get Kimi to put in asserts instead of silently swallowing corrupt values, but it keeps handling bad values poorly instead of crashing. I've even explicitly put in CLAUDE.md that correctness is more important then continuing to run, but it still keeps defensively programming when it should loudly crash.

fishgoesblub 57 minutes ago||

Apparently I need to check in with a Doctor because code written by myself is seen as AI, and the lazy AI bits aren't. More Human than Human?

add-sub-mul-div 47 minutes ago|

Unfortunately, AI detection can never be assumed to be accurate for the same reason the AI itself can never be assumed to be accurate.

(Not that I think you didn't probably already know that.)

bigfishrunning 1 hour ago||

A linter with rules for AI-specific weirdness is absolutely a great idea, thank you! Are there any plans to support other languages besides javascript?

Heavykenny 1 hour ago|

Thank you. I currently support up to 8 languages: php, go, rust, python, js and ts

MonstraG 1 hour ago||

thats 6?

ryandrake 59 minutes ago|||

The thread just became meta-ironic, with regard to AI hallucinations.

xnorswap 51 minutes ago||||

Perhaps they're counting PHP as 3 languages in a trench coat

genghisjahn 1 hour ago||||

7 and 8 are left as an exercise for the reader.

stymaar 1 hour ago||

I have the implementation for languages 7 and 8 but it's too big to fit in this comment section.

genghisjahn 21 minutes ago||

I'm just joking. This is cool stuff you made.

Retr0id 1 hour ago||||

well, they did say "up to" 8

Hovertruck 36 minutes ago|||

The README also lists Java and Ruby

sinansaka 39 minutes ago||

I was about to write what advantage it has over linters but then saw the built on section. Good work. We use megalinter with our flavour of go and vite rules, plus extensive e2e testing after each agent run. Quality of the spec driven agentic PRs are significantly better than the baseline. Megalinter is quite resource heavy and slow, so will definitely check this out

Heavykenny 34 minutes ago|

Thank you, really appreciate. Feel free to create issue if you have any

jhack 33 minutes ago||

This is a great idea. Even if you're one of those developers squarely focused on getting the final result working, code quality still matters (to people and LLMs).

Everyone should be doing regular code reviews and this helps a lot.

tolawuwo 30 minutes ago|

Thanks for the feedback. Really appreciate it

macNchz 53 minutes ago||

I don’t see if this is one of the covered cases, but one of the more common and nefarious patterns I run into is what you might call "sweeping exceptions under the rug." I think the agent’s motivation to get things running encourages these antipatterns of designing routines that are fault tolerant in a sort of maladaptive way: e.g. catching an error, logging a warning that something didn’t work, and continuing, but with now potentially missing/broken state.

This has bitten me a couple of times, and it’s surprisingly annoying to nudge agents into good/resilient patterns or identify situations that should fail loudly, at least in my experience. The retry mechanisms they come up with on their own are often pretty terrible as well.

I’ll note, though, that I have seen this from human engineers plenty of times, and at least the AI usually adds some logs rather than just totally silently absorbing an exception!

bratsche 46 minutes ago||

For anyone who wants something like this for Elixir, there is an open source hex package: https://hex.pm/packages/ex_slop

n0x1103 39 minutes ago||

Gave it a try but there were a lot of false positives. SQLModel's exec method for example gets flagged every time thinking it's python's exec() function.

ryandrake 54 minutes ago|

I think a lot of the telltale signs of AI can be found in the comments. Besides the slop writing style, I've found AI comments to 1. be overly verbose, 2. unnecessarily describe before/after code state (# This function used to do foo, but now it does bar), and 3. reference its own internal "plan" (# This function is part of Stage 3 of the implementation of Use Case X from the requirements doc) WTF is Stage 3? - says code reader 2 years from now. Although I bet you can probably prompt these behaviors away.

More comments...