core 1 credit · ~$0.015 <200ms
Package Validator
POST /v1/validate/imports Every import in AI-generated code is checked against the live package registry for its language, in parallel. Catches slopsquatting — hallucinated package names that do not exist (or worse, were registered by an attacker) before your agent runs pip or npm install.
Capabilities
- ✓ Live registry checks: PyPI, npm, crates.io, Go
- ✓ Parallel lookups, typically under 200ms
- ✓ Classifies each import valid / hallucinated / unknown
- ✓ Returns a hallucination rate for the whole snippet
Use cases
- → Gate AI-generated code before install or execution
- → Coding agents and autonomous dev pipelines
- → PR bots reviewing generated dependencies
example
curl -X POST https://api.agent-toolbox.ai/v1/validate/imports \
-H "Content-Type: application/json" \
-d '{"language": "python", "code": "import requests\nfrom badpkg import util"}' response shape
{
"verdict": "PASS" | "FLAG" | "BLOCK",
// tool-specific findings…
"certificate": "sha256:..."
}