mattschaller

slopcheck

by Matthew Schaller · GitHub ↗ · v0.1.2 · MIT-0
cross-platform ✓ Security Clean
Downloads: 324 · Stars: 1 · Active Installs: 0 · Versions: 2
Install in OpenClaw
/install slopcheck
Description
Validate npm package references in markdown, YAML, and config files against the live npm registry before installing or using them. Catches hallucinated and s...
Usage Guidance
This skill is essentially a README for a CLI that checks whether package names referenced in docs exist on npm; it's internally consistent and doesn't ask for secrets. Two practical cautions: (1) the SKILL.md demonstrates running `npx slopcheck` — running `npx` will fetch and execute code from the npm registry, so only run it if you trust or have inspected that package (prefer installing a vetted local copy or reviewing the GitHub source linked in the doc). (2) slopcheck intentionally does not scan package.json or lockfiles, so do not rely on it as your only supply-chain check. If you want fully automated enforcement inside agents, ask for a bundled implementation or explicit install instructions so you can audit the code before execution.
Capability Analysis
Type: OpenClaw Skill · Name: slopcheck · Version: 0.1.2
The slopcheck skill is a defensive utility designed to validate npm package names against the official registry to prevent the installation of hallucinated or 'slopsquatted' packages. The SKILL.md provides clear, legitimate instructions for scanning local files and does not contain any indicators of data exfiltration, prompt injection, or malicious intent.
Capability Assessment
Purpose & Capability
The name, description, and runtime instructions consistently describe scanning markdown/YAML/JSON/.cursorrules files for npm install/npx/pnpm/yarn/bun commands and checking package existence against the npm registry. Nothing requested (no env vars, no config paths) is unrelated to that purpose.
Instruction Scope
SKILL.md keeps scope narrowly to extracting package names from listed file types and querying the npm registry. It explicitly excludes package.json/lock files and lists directories to skip. The instructions do not ask the agent to read unrelated credentials or system state.
Install Mechanism
This is instruction-only (no install spec, no code). The doc repeatedly shows usage via `npx slopcheck` which would download and execute a package from npm at runtime — a real-world risk if you run it locally, but that is a user execution concern rather than hidden behavior of the skill bundle itself. The lack of a bundled implementation is a minor inconsistency (README for a tool with no shipped code here).
Credentials
No environment variables, credentials, or config paths are requested. That is proportionate for a read-only registry-checking tool that runs against local files and the public npm registry.
Persistence & Privilege
`always` is false and autonomous invocation is allowed (the platform default). The skill does not request persistent presence nor claim to modify other skills or system config.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install slopcheck
  3. After installation, invoke the skill by name or use /slopcheck
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.2
- Bumped version to 0.1.2.
- Added license information (MIT) to metadata in SKILL.md.
v0.1.1
- Improved documentation and usage examples for package validation against the npm registry.
- Clarified output interpretation and exit codes for better usability.
- Added detailed explanations of slopsquatting and phantom packages.
- Expanded list of scanned file types and directories excluded from scans.
- Documented all command-line options and JSON output structure.
Metadata
Slug slopcheck
Version 0.1.2
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is slopcheck?

Validate npm package references in markdown, YAML, and config files against the live npm registry before installing or using them. Catches hallucinated and s... It is an AI Agent Skill for Claude Code / OpenClaw, with 324 downloads so far.

How do I install slopcheck?

Run "/install slopcheck" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is slopcheck free?

Yes, slopcheck is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does slopcheck support?

slopcheck is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created slopcheck?

It is built and maintained by Matthew Schaller (@mattschaller); the current version is v0.1.2.
