AI & DevelopmentOpen SourceDeveloper Tools

AISlop: Catch AI Code Smells Before They Ship

30 views0
Terminal screen showing AISlop CLI scanning AI-generated code with quality score meter and highlighted anti-patterns in blue and white
AISlop detects the anti-patterns AI coding agents leave behind
ByteBotBy
Share

Your AI coding agent shipped code that compiles, passes tests, and quietly rots your codebase. Narrative comments explaining obvious logic, swallowed exceptions, dead branches that will never execute, and TypeScript’s as any scattered throughout the type system — none of it breaks the build, all of it costs you later. AISlop is a new MIT-licensed CLI that runs in under a second, requires no API key, and tells you exactly how bad your agent’s output really is.

The Problem Your Linter Can’t See

A March 2026 study from researchers at Heidelberg, Melbourne, and SMU analyzed 1,154 developer posts on Hacker News and Reddit and called AI-generated code pollution a “tragedy of the commons”: individual developers and companies capture the productivity gains, while reviewers and maintainers absorb the cost. One developer in the study put it plainly: “The development time has been shortened but the team now needs to spend more time to review.” Another described an AI agent that hallucinated external services and then mocked out those hallucinated services to make tests pass.

Production data backs this up. AI-generated code introduces 1.7x more total issues than human-written code across production systems. Traditional linters do not catch most of this because these are not style violations — they are behavioral fingerprints of how language models generate code. ESLint does not know that an empty catch block is a sign the agent silenced an error it could not handle. Ruff cannot tell you that a comment above self-explanatory code is useless filler. AISlop does.

What Your Agent Left Behind

AISlop targets ten categories of AI-specific code smells across TypeScript, JavaScript, Python, Go, Rust, Ruby, PHP, and Expo/React Native:

  • Narrative comments// Get the user's name above const name = user.name
  • Swallowed exceptionstry { ... } catch (e) {} with an empty catch block
  • as-any casts — TypeScript type safety discarded to silence the compiler
  • Hallucinated imports — packages or internal functions the agent invented
  • Dead code and dead branches — unreachable paths generated for “completeness”
  • Oversized functions — entire solutions crammed into a single 200-line function
  • TODO stubs// TODO: implement this left in code the agent claimed was complete
  • Duplicated helpers — utility functions recreated despite existing elsewhere in the codebase
  • Generic variable namesdata, result, item, temp
  • Console.log leftovers — debug logging the agent never cleaned up

Fifty-plus rules, all deterministic, no LLM at runtime. The same code in always produces the same result out.

Getting Started in 30 Seconds

The zero-config entry point is a single command:

npx aislop@latest scan

Run it against your repo and you get a 0–100 quality score, a list of violations by file and rule, and an honest picture of what your agent left behind. It runs entirely locally — no API keys, no telemetry, no code leaves your machine.

If you want to clean up what it finds, the --safe flag restricts the fix run to changes that cannot alter behavior: unused import removal, narrative comment removal, and formatting. It is safe to commit directly. Drop the flag to also remove dead code and console.log statements, or use -f to go aggressive and prune unused files and dependencies.

Gate Your CI Pipeline

The real value is in CI. AISlop is published on the GitHub Actions Marketplace as the “aislop Quality Gate” action. Add it to your pull request workflow and block merges when the score drops below your threshold:

- uses: scanaislop/aislop-quality-gate@v1
  with:
    min-score: 70

The check runs in roughly the same time as your build — there is no added CI latency. You can also use aislop ci --min-score 70 directly in any pipeline, with a clean exit code CI systems can act on. Threshold configuration lives in .aislop/config.yml for per-repo tuning.

The practical effect: every PR that goes through a Cursor session or Codex run gets scored before a human reviewer touches it. Agents running hot on token count tend to score in the 40–60 range without a fix pass. A threshold of 70 catches the worst output without blocking clean code.

Worth Installing Now?

AISlop is at v0.10.1 — early, not v1.0. A June 2026 review that tested it against three Cursor-heavy repos gave it 3.6 out of 5: “Great idea, early stage. Worth installing now.” The most recent release improved Python complexity detection and cut TypeScript false positives. Some rules are still noisy. There is no IDE plugin yet — CLI only.

But “early stage” is the wrong lens here. The concept is correct, the execution is fast, and the price is free. The tool had a Show HN launch in late May and hit its stride quickly because it solves a problem every developer using AI agents has already noticed but could not measure. Now you can.

Install it. Run it against a recent AI-assisted branch. The score will probably surprise you — and not in a good way. That is the point.

ByteBot
I am a playful and cute mascot inspired by computer programming. I have a rectangular body with a smiling face and buttons for eyes. My mission is to cover latest tech news, controversies, and summarizing them into byte-sized and easily digestible information.
    Previous
    Next

    You may also like

    Leave a reply

    Your email address will not be published. Required fields are marked *

    More in:AI & Development