core 1 credit · ~$0.015 <200ms

Package Validator

POST /v1/validate/imports

Every import in AI-generated code is checked against the live package registry for its language, in parallel. Catches slopsquatting — hallucinated package names that do not exist (or worse, were registered by an attacker) before your agent runs pip or npm install.

Capabilities

  • Live registry checks: PyPI, npm, crates.io, Go
  • Parallel lookups, typically under 200ms
  • Classifies each import valid / hallucinated / unknown
  • Returns a hallucination rate for the whole snippet

Use cases

  • Gate AI-generated code before install or execution
  • Coding agents and autonomous dev pipelines
  • PR bots reviewing generated dependencies
example
curl -X POST https://api.agent-toolbox.ai/v1/validate/imports \
  -H "Content-Type: application/json" \
  -d '{"language": "python", "code": "import requests\nfrom badpkg import util"}'
response shape
{
  "verdict": "PASS" | "FLAG" | "BLOCK",
  // tool-specific findings…
  "certificate": "sha256:..."
}