ReddRadar
Agent skill
detecting-ai-code
Use when auditing code for AI authorship, reviewing acquisitions/contractors, verifying academic integrity, or during code review - provides systematic tiered framework for detecting fully AI-generated AND AI-assisted code patterns with confidence scoring
Install this agent skill to your Project
npx add-skill https://github.com/galihcitta/dotclaudeskills/tree/main/skills/detecting-ai-code
SKILL.md
Detecting AI-Generated Code
Overview
Systematic framework for detecting AI-generated and AI-assisted code. Uses tiered signal detection with confidence scoring.
Core principle: Check metadata FIRST (highest confidence), then comments, then code patterns. Multiple signals compound confidence.
Detection Framework (Check in Order)
Tier 1: Metadata Signals (Highest Confidence)
ALWAYS CHECK THESE FIRST - they're definitive.
| Signal | What to Look For | Confidence |
|---|---|---|
| Git headers | Co-Authored-By: Claude, Co-Authored-By: GitHub Copilot |
Definitive |
| Commit patterns | Uniform "Add X functionality" pattern across all commits | High |
| Generated footers | "Generated with [Claude Code]", "Created by Copilot" | Definitive |
| Config files | .cursorrules, CLAUDE.md in repo |
High |
| README template | Exact Claude/GPT README structure (see below) | High |
AI README Template Pattern:
# Project Name
## Overview
[Formal description]
## Features
- Feature 1
- Feature 2
## Installation
[Perfect instructions]
## API Endpoints (table)
## Environment Variables (table)
## Contributing
## License
If README follows this EXACT structure with perfect tables and no personality → High AI probability.
AI Commit Message Patterns:
Add user authentication with JWT tokens
Add password recovery functionality
Add comprehensive documentation ← "comprehensive" is strong AI tell
Implement feature X
Update component Y
Fix bug in Z
Mechanical uniformity + "Add/Implement/Update/Fix" pattern → AI signal.
Human commit patterns (for contrast):
wip: payments
fix typo in readme
initial payment setup
refactor auth - cleanup
oops forgot the tests
Tier 2: Comment Patterns (High Confidence)
| Signal | Example | Confidence |
|---|---|---|
| Narrating comments | "First, we...", "Here we...", "Now we..." | High |
| Restating code | // Initialize array above const arr = [] |
High |
| Tutorial style | "This function will...", "Let me explain..." | High |
| Perfect grammar | No typos, formal English in all comments | Medium |
| Over-documentation | 20-line JSDoc for 5-line function | High |
Verbatim AI Phrases:
- "This file contains..."
- "This function handles..."
- "Here we define..."
- "Now we check..."
- "Finally, we return..."
Tier 3: Code Structure (Medium Confidence)
| Signal | Example | Confidence |
|---|---|---|
| Over-engineering | Comprehensive error handling for impossible cases | Medium |
| Template repetition | Same pattern copied across files exactly | Medium |
| Perfect consistency | Identical formatting across entire codebase | Low-Medium |
| Defensive coding | Null checks on values that can't be null | Medium |
Important: Clean code alone is NOT evidence of AI. Experienced developers also write clean code.
Tier 4: Anti-Signals (What Humans Do, AI Doesn't)
These DECREASE AI probability:
| Human Signal | Why |
|---|---|
| TODO/FIXME comments | AI rarely leaves work incomplete |
| Debug code left in | console.log, commented code |
| Shortcuts/abbreviations | amt, curr, intl instead of full words |
| Domain jargon | Industry-specific terms, internal naming |
| Stack Overflow attribution | "grabbed from SO", "copied from [link]" |
| Inconsistent formatting | Mixed styles within file |
| Pragmatic compromises | "prod will have proper checks" |
Confidence Scoring
| Signals Found | Confidence Level | Recommendation |
|---|---|---|
| 1 Tier-1 signal | High | Flag for review |
| 2+ Tier-2 signals | High | Likely AI-generated |
| Tier-2 + Tier-3 combined | Medium-High | Probably AI-assisted |
| Only Tier-3 signals | Low-Medium | Investigate more |
| Anti-signals present | Reduces confidence | Human likely involved |
Compound scoring: Multiple signals from different tiers = higher confidence than multiple signals from same tier.
AI-Assisted Detection (Partial AI Use)
Look for:
- Style jumps - Casual code with formal JSDoc blocks
- Git history jumps - "Add comprehensive documentation" as separate commit
- Quality inconsistency - Some files over-documented, others bare
- Misplaced docs - JSDoc on library calls, not wrapper functions
- Parameter mismatches - Docs describe different params than code has
This pattern: Human wrote code → Asked AI to add documentation.
Common Mistakes
| Mistake | Reality |
|---|---|
| "Clean code = AI" | Experienced developers write clean code too |
| Only checking code | Metadata is highest-confidence signal |
| Missing git history | "Add comprehensive documentation" commits reveal AI use |
| Binary thinking | AI-assisted is different from fully AI-generated |
| Single signal certainty | Compound multiple signals before concluding |
Quick Reference Workflow
- Check git log - Look for Co-Authored-By, uniform commit patterns
- Check README - Template structure? Perfect tables? No personality?
- Check file headers - Generated footers? "This file contains..." comments?
- Check code comments - Narrating style? Over-documentation?
- Check for anti-signals - TODOs? Shortcuts? Debug code?
- Score confidence - Compound signals from multiple tiers
- Report with evidence - List specific signals found
When NOT to Flag
- Clean, well-written code (without other signals)
- Standard patterns for solved problems (EventEmitter, validators)
- Good documentation (if style matches rest of codebase)
- Experienced developer output
Clean code without Tier-1 or Tier-2 signals = insufficient evidence.
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
galihcitta/dotclaudeskills
troubleshooting-kubernetes
Diagnoses and fixes Kubernetes issues with interactive remediation. Use when pods crash (CrashLoopBackOff, OOMKilled), services unreachable (502/503, empty endpoints), deployments stuck (ImagePullBackOff, pending). Also use when tempted to run kubectl fix commands directly without presenting options, or when user says "just fix it" for K8s issues.
galihcitta/dotclaudeskills
generating-adrs
Use when PRD/TRD contains architectural decisions to document - extracts decisions from refined requirements (architecture choices, data model decisions, API patterns, technology selections, integration strategies, reuse patterns) and generates MADR-format ADRs. One ADR per decision point. Also use when asked to document decisions, create decision records, or retrospectively capture architectural choices.
galihcitta/dotclaudeskills
code-reviewer
Comprehensive code review skill for TypeScript, JavaScript, Python, Swift, Kotlin, Go. Includes automated code analysis, best practice checking, security scanning, and review checklist generation. Use when reviewing pull requests, providing code feedback, identifying issues, or ensuring code quality standards.
galihcitta/dotclaudeskills
prd-to-ralph
Use when converting PRD/requirements into JSON format for Ralph Wiggum autonomous loops. Extracts user stories, orders by dependency (schema first, then backend, then UI, then dashboard), auto-adds standard criteria (typecheck, build, lint, tests), outputs structured JSON ready for autonomous iteration.
galihcitta/dotclaudeskills
refining-requirements
Use when PRD is prose-heavy, ambiguous, has scattered file paths, missing API contracts, or says "similar to X" without explanation. Transforms rough requirements into implementation-ready specs. Auto-detects tech stack, validates file paths (EXISTS/CREATE/VERIFY markers), handles greenfield and multi-stack projects. Do NOT use for simple bug fixes, typos, or already-structured Jira tickets with clear file paths and acceptance criteria.
galihcitta/dotclaudeskills
interviewing-plans
Use when a plan, PRD, or spec has vague requirements, undefined terms, or missing details - conducts structured interview using AskUserQuestion to surface hidden assumptions, challenge ambiguities, and produce implementation-ready specs. Also use proactively when encountering plans that say things like "make it faster" or "improve UX" without concrete definitions.
Didn't find tool you were looking for?