AI Hallucination Squatting Detector for Python Dependencies
Detect suspicious packages in your requirements.txt or pyproject.toml that may be:
- 🎭 AI hallucination squat targets — packages that LLMs commonly "invent"
- 📛 Typosquatting popular packages
- 🆕 Suspiciously new packages targeting known names
⚠️ Low reputation packages (no downloads, no author, no repo)
When developers use AI coding assistants (ChatGPT, Claude, Copilot, etc.), the AI sometimes "hallucinates" package names that don't exist. Attackers have learned to exploit this:
- LLM recommends
huggingface-cli(which doesn't exist) - Attacker registers
huggingface-clion PyPI with malware - Developer runs
pip install huggingface-cli - Malware executes on developer's machine
This is called "Slopsquatting" or "AI Hallucination Squatting" — and it's a growing supply chain attack vector.
pip install slopsquatcheckOr run directly (zero dependencies):
curl -O https://raw.githubusercontent.com/kriskimmerle/slopsquatcheck/main/slopsquatcheck.py
python slopsquatcheck.py requirements.txt# Scan a requirements file
slopsquatcheck requirements.txt
# Scan pyproject.toml
slopsquatcheck pyproject.toml
# Check a single package
slopsquatcheck --package some-suspicious-lib
# CI mode: fail if high-risk packages found
slopsquatcheck requirements.txt --check --min-score 40============================================================
slopsquatcheck - AI Hallucination Squat Detector
============================================================
Packages scanned: 5
Total findings: 3
Findings by severity:
CRITICAL: 1
HIGH: 1
MEDIUM: 1
------------------------------------------------------------
📦 huggingface-cli (Risk: 60/100, Grade: F)
🔴 [SS01] CRITICAL: Package is a known AI hallucination target
reason: This package name is commonly 'invented' by LLMs and may be registered by attackers
🟠 [SS03] HIGH: Package is very new (created 15 days ago)
first_release: 2026-01-25T14:32:00+00:00
age_days: 15
threshold: 30
------------------------------------------------------------
📦 reqeusts (Risk: 20/100, Grade: C)
🟠 [SS04] HIGH: Package name is suspiciously similar to 'requests'
similar_to: requests
levenshtein_distance: 2
reason: May be typosquatting or hallucination squat
============================================================
Overall Risk Grade: F (max score: 60/100)
⚠️ HIGH RISK: Review flagged packages carefully before installing!
| Rule | Severity | Description |
|---|---|---|
| SS01 | CRITICAL | Package is a known AI hallucination target |
| SS02 | CRITICAL | Package does not exist on PyPI |
| SS03 | HIGH | Package is very new (< 30 days old) |
| SS04 | HIGH | Package name is suspiciously similar to popular package |
| SS05 | MEDIUM | Package has missing or minimal description |
| SS06 | MEDIUM | Package has no author information |
| SS07 | LOW | Package has no homepage or repository URL |
| SS08 | HIGH/MEDIUM | Package has very low downloads |
| SS09 | MEDIUM | Package name matches common hallucination pattern |
usage: slopsquatcheck [-h] [--package PACKAGE] [--format {text,json}]
[--check] [--min-score MIN_SCORE] [--no-stats]
[--version]
[file]
positional arguments:
file requirements.txt or pyproject.toml to scan
options:
-h, --help show this help message and exit
--package, -p PACKAGE Check a single package name
--format, -f {text,json}
Output format
--check Exit with code 1 if high-risk packages found
--min-score MIN_SCORE Minimum risk score to fail (with --check)
--no-stats Skip download statistics check (faster)
--version, -V show version and exit
- name: Check for hallucination squat packages
run: |
pip install slopsquatcheck
slopsquatcheck requirements.txt --check --min-score 40# .pre-commit-config.yaml
repos:
- repo: local
hooks:
- id: slopsquatcheck
name: Check for hallucination squat packages
entry: slopsquatcheck
language: python
files: ^requirements.*\.txt$|^pyproject\.toml$
args: [--check]from slopsquatcheck import check_package, fetch_pypi_info
# Check a single package
findings = check_package("some-suspicious-package")
for finding in findings:
print(f"{finding.rule}: {finding.message}")
# Fetch package info
info = fetch_pypi_info("requests")
print(f"First released: {info.first_release_date}")The tool includes a database of package names that LLMs commonly hallucinate:
huggingface-cli— documented case with 30K downloads*-helper,*-utils,*-connectorpatterns- AI-related:
gpt-helper,llm-utils,chatgpt-helper, etc. - Generic:
api-connector,db-connector,auth-helper, etc.
- Parse dependencies from requirements.txt or pyproject.toml
- Query PyPI API for each package's metadata
- Check for red flags:
- Package doesn't exist (hallucination confirmed)
- Package is in known hallucination list
- Package name is similar to popular packages (typosquatting)
- Package is very new (registered recently)
- Package has no author, description, or repository
- Package has very low download counts
- Calculate risk score and report findings
| Tool | CVE Detection | Malicious Code Scan | Hallucination Detection | Package Age Check |
|---|---|---|---|---|
| pip-audit | ✅ | ❌ | ❌ | ❌ |
| GuardDog | ❌ | ✅ | ❌ | ❌ |
| safety | ✅ | ❌ | ❌ | ❌ |
| slopsquatcheck | ❌ | ❌ | ✅ | ✅ |
Use slopsquatcheck alongside these tools for comprehensive supply chain security.
- Fork the repository
- Add new hallucination targets to
KNOWN_HALLUCINATIONS - Add new popular packages to
POPULAR_PACKAGES - Submit a pull request
- AI Hallucination Squatting: The New Frontier of Supply Chain Attacks
- Bar Lanyado's huggingface-cli Research
- Vulcan Cyber's LLM Package Hallucination Study
MIT License — see LICENSE for details.