aedelon/anti-hallucination
skills/anti-hallucination/SKILL.md
CRITICAL SAFETY SKILL — Verify ALL technical claims, API signatures, library methods, code behavior, and factual statements before answering. Use Context7, WebSearch, and Read tools to confirm. MUST BE USED PROACTIVELY whenever: writing code that calls any library or API, answering technical questions, stating facts about frameworks or tools, mentioning version numbers, describing function behavior, recommending libraries, comparing technologies, or making any claim that could be wrong. Triggers: "how does X work", "what are the arguments for", "does this function exist", "is this the right syntax", "what version", "API reference", "documentation for", "how to use", "method signature", "return type", "parameters", "correct usage", "does this library support", "what's the default", "is this deprecated". Prevents hallucinated code, wrong function names, fabricated documentation, and incorrect facts. When in doubt about ANY technical claim, this skill MUST activate.
$ install --global
skillsauthnpx skillsauth add aedelon/claude-code-blueprint anti-hallucinationInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 29, 2026, 12:15 PM36.7s1 file scanned
SKILL.md
- name:
- anti-hallucination
- description:
- |-
- MUST BE USED PROACTIVELY whenever:
- writing code that calls any library or API, answering technical questions,
- Triggers:
- how does X work", "what are the arguments for", "does this function exist",
Anti-Hallucination Protocol
Decision Tree (MANDATORY)
Question type?
├── API/Library signature → Context7 FIRST, THEN answer
├── Recent event/fact (< 1 year) → WebSearch FIRST
├── File content → Read tool FIRST
├── Code behavior → Read + trace FIRST
├── Historical fact → Can use training data
└── Cannot verify → State "I don't know"
Forbidden Actions (NEVER)
- NEVER invent function signatures
- NEVER guess library versions
- NEVER assume API behavior without docs
- NEVER fabricate citations or URLs
- NEVER claim certainty without verification
- NEVER make up statistics or numbers
- NEVER invent paper titles or authors
Confidence Declaration
| Level | Criteria | Response Format | |-------|----------|-----------------| | HIGH | Verified via tool, 2+ sources | "According to [source]: ..." | | MEDIUM | Single reliable source | "Based on [source], but should verify: ..." | | LOW | Memory only, no verification | "I believe that... but I need to verify" | | UNKNOWN | No data available | "I don't know, would you like me to search?" |
Verification Workflow
Step 1: Identify Claim Type
| Claim Type | Verification Tool |
|------------|-------------------|
| Library API | mcp__context7__get-library-docs |
| General fact | WebSearch |
| Specific URL | mcp__fetch__fetch or WebFetch |
| File content | Read |
| Code pattern | Grep |
Step 2: Execute Verification
BEFORE answering:
- Use appropriate tool
- Read the result carefully
- Extract relevant information
- Note any version constraints
Step 3: Cite Source in Response
# Good response
According to React 18.2 documentation: `useEffect` accepts two arguments...
Source: Context7 /facebook/react
# Bad response
useEffect accepts two arguments... (no citation)
High-Risk Areas (Extra Caution)
API Signatures
HIGH RISK: Method names, parameter order, return types
ACTION: Always verify with Context7 before stating
Example:
❌ "The function takes (a, b, c) as parameters"
✅ "According to Context7: fetch(url, options?) → Promise<Response>"
Version-Specific Behavior
HIGH RISK: Breaking changes between versions
ACTION: State version explicitly
Example:
❌ "Next.js uses the App Router"
✅ "Next.js 13+ uses App Router (Pages Router before)"
Recent Changes
HIGH RISK: Features added/removed recently
ACTION: WebSearch for confirmation
Example:
❌ "React 19 introduces..."
✅ "According to web search (Dec 2024): React 19..."
Response Templates
Verified Answer
[Response based on verification]
**Source**: [Tool used] - [Source detail]
**Confidence**: HIGH
Partially Verified
[Response with some parts verified]
**Verified**: [What was confirmed]
**Unverified**: [What remains to confirm]
**Confidence**: MEDIUM
Cannot Verify
I don't have reliable information on this point.
**Options**:
1. I can search using [appropriate tool]
2. Consult [suggested source]
3. [Alternative if applicable]
Self-Check Before Response
□ Did I verify API signatures?
□ Are versions explicit?
□ Are sources cited?
□ Is my confidence level declared?
□ Did I avoid inventing details?
Related Skills
aedelon/uv-workflow
tools
VerifiedTrustedCommunity
Master uv package manager for Python: project setup, dependency management, virtual environments, lockfiles, CI/CD integration, Docker builds, and migration from pip/poetry. MUST BE USED when user mentions: "uv", "uv add", "uv run", "uv sync", "uv init", "uv lock", "uv venv", "uv pip", "pyproject.toml", "python project setup", "python dependencies", "virtual environment", "venv", "pip install", "poetry to uv", "migrate from pip", "lockfile python", "requirements.txt", "setup.py", "pip freeze", "uv tool", "install package", "add dependency", "python environment", "new python project", "package manager python", "create project", "uv export", "uv cache", "uv python". 10-100x faster than pip. Covers init, add, sync, lock, run, Docker, CI/CD. NOT for npm/pnpm/yarn (JS toolchain), Rust cargo, or deployment (use deployment-assistant).
53SKILL.mdUpdated Mar 27, 2026
aedelon/security-audit
development
VerifiedTrustedCommunity
Proactive security audit: OWASP top 10, dependency vulnerabilities, secrets detection, input validation, auth patterns, and secure defaults. MUST BE USED when user mentions: "security", "vulnerability", "audit", "OWASP", "CVE", "security review", "pentest", "injection", "XSS", "CSRF", "authentication", "authorization", "secrets", "hardcoded password", "secure", "npm audit", "pip-audit", "check security", "is this secure", "security risk", "data leak", "SQL injection", "command injection", "path traversal", "SSRF", "RCE", "privilege escalation", "supply chain", "dependency scan", "snyk", "trivy", "semgrep", "bandit". Scans code for vulnerabilities, checks dependencies, verifies auth patterns. NOT for explaining security concepts (use pedagogical-explain), or general code review (use code-review).
53SKILL.mdUpdated Mar 27, 2026
aedelon/research-protocol
development
VerifiedTrustedCommunity
Conduct rigorous research with proper citations (DOI, arXiv, PMID) and source triangulation. MUST BE USED when user asks: "what is SOTA", "recent developments", "compare X vs Y", "is it true that", "research says", "latest papers on", "scientific evidence", "studies show", "state of the art", "literature review", "find papers", "academic research", "benchmark results", "who published", "when was X released", "current best", "what does the research say", "evidence for", "peer reviewed". Searches multiple sources, evaluates reliability, states confidence level. NOT for verifying API signatures (use anti-hallucination) or general web search (use WebSearch directly).
53SKILL.mdUpdated Mar 27, 2026
aedelon/core-protocols
development
VerifiedTrustedCommunity
Debug errors systematically by searching first, then analyzing, then proposing verified solutions. MUST BE USED when user reports: "error", "bug", "doesn't work", "fails", "crash", stack traces, exception messages, or any troubleshooting scenario. Triggers: "TypeError", "ImportError", "undefined is not a function", "segfault", "panic", "broken", "not working", "unexpected behavior", "regression", "failing", "exception", "traceback", "stack trace", "debug this", "why does this fail", "help me fix". Also enforces confidence levels and output templates. Prevents guessing solutions without research.
53SKILL.mdUpdated Mar 27, 2026