Code Slop Detection
Taste-level review of code for AI-generated patterns. Contains 24 rules across 6 categories covering comments, naming, over-engineering, defensive overdose, test slop, and style fingerprints. Where
measures
quantitative code debt (complexity, duplication, CVEs), this skill measures the
qualitative failure mode: code that passes every metric but reads like a tutorial blog post, not like a human wrote it.
Metadata
- Version: 1.0.0
- Scope: PHP / Laravel + TypeScript / React (Node)
- Rule Count: 24 rules across 6 categories
- License: MIT
Why this skill exists
Industry data on AI-assisted code (GitClear 2025, cURL bug-bounty shutdown 2025, arXiv 2510.03029):
- Refactoring collapsed from 25% to <10% of changes
- Copy-paste surged 8.3% → 12.3%; code duplication rose ~8x
- Code-smell rates +42–85% over human baselines
- 82% of AI PRs use generic catch blocks that don't distinguish error types
- 76% miss timeouts on external calls
None of this fails a typical CI lint. It just makes the codebase slowly unmaintainable. This skill is the lens for catching it before it ships.
The core insight: reading cost > writing cost now. The cost of writing code collapsed; the cost of reading it didn't. Code you can't quickly understand is slop, even if it works.
How to Audit
When the user asks "review for AI slop", "audit code-quality taste", or "find AI patterns" — run through this skill's rules as a checklist against the changed files (PR diff) or full repo.
Audit Step 1: Determine Scope
- If a PR diff is provided: audit only files changed in the diff
- If files are named: audit those
- If no scope: audit the whole repo, prioritized by recently-touched files (most likely AI output)
Audit Step 2: Detect Stack
| Signal | Stack |
|---|
| + | PHP / Laravel |
| (with TypeScript/React deps) | Node / TypeScript / React |
| Both present | Laravel + Inertia + React |
Audit Step 3: Run the Slop Checklist
For each item below, output:
- CLEAN — pattern not present (brief confirmation)
- SUSPICIOUS — present in small amounts; flag and discuss
- INFLATED — present extensively; verbose-but-functional; remediation recommended
- CRITICAL — extensive AI-fingerprint presence; full review needed before merge
Comments
Naming
Over-engineering
Defensive overdose
Test slop
Style fingerprints
Audit Step 4: Build the Slop Ledger
End the audit with a verdict table:
## Code Slop Ledger
| File | Verdict | Top findings | Suggested action |
|------|---------|--------------|------------------|
| app/Services/UserExportService.php | INFLATED | 12 narration comments; 3 closing-brace labels; `*Helper` overuse | Strip comments; rename Helper → split into functions |
| resources/js/Pages/Orders/Show.tsx | CRITICAL | 4 `as any`; mock-everything tests; useless wrapper; impossible null checks | Rewrite section; remove tests; revisit type model |
| app/Models/Order.php | CLEAN | — | — |
## Summary
- CLEAN: X files
- SUSPICIOUS: Y files
- INFLATED: Z files (top priority: …)
- CRITICAL: N files (rewrite before merge)
When to Apply
Reference this skill when:
- Reviewing an AI-assisted PR before merge
- Auditing a repo that has accepted heavy AI-assisted contributions
- Onboarding a codebase and assessing whether it reads as human-maintained
- Hardening a team's code-review checklist against AI slop
- After a "vibe coding" sprint, before declaring features done
- Setting up CI gates for AI-output quality
Step 1: Detect Project Stack
Most rules are stack-agnostic in concept, but examples and detection commands differ between PHP and TypeScript.
| Signal | Stack | Tooling |
|---|
| PHP / Laravel | , , , manual grep |
| Node / TS / React | , , , manual grep |
Rule Categories by Priority
| Priority | Category | Impact | Prefix |
|---|
| 1 | Comments | CRITICAL | |
| 2 | Naming | CRITICAL | |
| 3 | Over-engineering | HIGH | |
| 4 | Defensive overdose | HIGH | |
| 5 | Test slop | HIGH | |
| 6 | Style fingerprints | MEDIUM | |
Quick Reference
1. Comments (CRITICAL)
- — Comments that just restate the code on the next line
- — Generic over a typed signature
- — , , ,
comments-closing-brace-labels
2. Naming (CRITICAL)
naming-generic-placeholders
- —
theUserWhoIsCurrentlyLoggedIn
calculateTotalAmountFromItemsList
- — / / / / overused
- — , , ,
3. Over-engineering (HIGH)
over-eng-premature-interface
over-eng-single-method-class
- — Wrapper called from exactly one place, just delegating
over-eng-dependency-creep
4. Defensive overdose (HIGH)
- —
try { ... } catch (e) { console.error("error") }
defensive-impossible-null
- — Defensive in the wrong places; missing timeouts/rate-limits where it matters
5. Test slop (HIGH)
- — Mock for every dep; the test re-encodes the implementation, not the behaviour
- — Tests that just call the function and assert no exception
test-mirror-implementation
- — Snapshot tests replacing behavioural assertions
6. Style fingerprints (MEDIUM)
- — No formatting drift anywhere; every file looks linter-perfect
- — / / sprinkled where types are hard
- — Codebase has zero / markers; no "geology"
- — , , , left in production paths
style-trivial-boilerplate
if (x) return true; else return false;
Essential Patterns
The "would this pass code review?" filter
For each code chunk, ask:
- Could I cut a third of these comments and the code would be clearer? → likely comment slop
- Do the variable names tell me what they hold, or just what type they are? → likely naming slop
- Could this class be a function? → likely over-engineering
- Does this catch block actually handle anything, or just log? → likely defensive overdose
- Does this test fail if I break the function? → if no, test slop
- Are there any / markers in the diff? → if no, suspicious for AI
Verdict bands (matched to AI-SLOP-Detector's scoring)
| Verdict | Meaning | Action |
|---|
| CLEAN | < 5% of lines flagged | Ship |
| SUSPICIOUS | 5–15% flagged | Review changes one more time |
| INFLATED | 15–30% flagged | Strip slop, split commits |
| CRITICAL | > 30% flagged | Rewrite section before merge |
How to Use
Read individual rule files for detailed conventions and examples:
rules/comments-narration.md
rules/naming-generic-placeholders.md
rules/over-eng-premature-interface.md
rules/defensive-generic-catch.md
rules/test-mock-everything.md
rules/style-hyper-consistent.md
Each rule file contains:
- YAML frontmatter (title, impact, tags)
- Brief explanation of why the pattern is AI-fingerprint
- "Incorrect" example showing the slop
- "Correct" example showing the human-equivalent
- Detection guidance (grep / eslint / phpstan / heuristic)
- Reference link
References
-
GitClear — 2025 Code-Quality Trends Report (refactoring collapse, copy-paste surge)
-
-
Addy Osmani — Comprehension Debt (O'Reilly Radar)
-
Stack Overflow Blog — Eno Reyes Q&A on AI code quality
-
hardikpandya/stop-slop — sister project for prose slop
-
flamehaven01/AI-SLOP-Detector — Python AST scanner with 27 patterns
Full Compiled Document
For the complete guide with all rules expanded: