mcp-skylos
The mcp-skylos server exposes Skylos static analysis capabilities to AI agents and coding assistants, enabling automated code quality, security, dead-code, and secrets analysis workflows.
analyze — Scan a codebase for dead code (unused functions, classes, imports, files) with configurable confidence threshold and folder exclusions.
security_scan — Detect vulnerabilities such as SQL injection, XSS, SSRF, and command injection.
quality_check — Check for quality regressions like excessive complexity, deep nesting, duplicate branches, and long functions.
secrets_scan — Detect exposed API keys, tokens, and high-entropy strings in the codebase.
remediate — Use an LLM to automatically suggest or apply fixes for security findings, with dry-run mode, severity filtering, and test command validation.
verify_dead_code — Use an LLM to verify dead code findings and reduce false positives.
provenance_scan — Scan for provenance and supply-chain issues, optionally scoped to a diff against a base branch.
generate_fix — Generate and optionally apply fixes (e.g., delete unused code) with a configurable safety threshold.
learn_triage — Record triage actions (accept/dismiss) on findings to improve future analysis.
get_triage_suggestions — Retrieve triage suggestions based on previously learned decisions for a project.
validate_code_change — Validate a unified diff for security regressions, dangerous patterns, secrets, and AI defense issues before merging.
get_security_context — Retrieve a security context summary for a codebase path to inform further analysis or LLM-assisted workflows.
Scans Docker Compose and other deployment configs for privileged access, host networking, missing sandboxing, and other edge-device security misconfigurations.
Generates GitHub Actions PR gates with annotations and failure thresholds, and scans workflows for CI/CD misconfigurations.
Scans GitLab CI configurations for dangerous triggers, unpinned actions/includes, broad tokens, and other supply-chain risks.
What Is Skylos?
Skylos is an open-source static analysis CLI for Python, TypeScript, JavaScript, Java, Go, Kotlin, PHP, Rust, Dart, C#, Shell, and deployment config. It runs locally by default and can also be used as a CI/CD PR gate.
Use Skylos when you want one command to check a repo or pull request for:
dead code and unused files
security flaws and dangerous data flows
secrets and dependency CVEs
CI/CD and edge-device deployment misconfigurations
quality regressions such as complexity, duplicate branches, and deep nesting
common AI-generated code mistakes, including missing guards, fake helpers, invented package APIs, and impossible dependency versions
LLM app risks such as unsafe tool use and missing output validation
Related MCP server: open-code-review
Start In 60 Seconds
pip install skylos
skylos .
The default scan focuses on dead code. Add security, secrets, quality, and dependency checks with -a:
skylos . -a
Verify a changed file or range before an agent hands it to review:
skylos verify . --file src/app.py --range 40:75 --project-context
Create a project config with thresholds, ignores, template hooks, and vibe dictionary extensions:
skylos init
Create a starter local rule pack:
skylos rules init
skylos rules validate .skylos/rules/local.yml
skylos rules list --json
skylos rules list cross --json
skylos rules list --packs --json
skylos cache stats
Generate a GitHub Actions PR gate:
skylos cicd init
git add .github/workflows/skylos.yml
git commit -m "Add Skylos CI gate"
git push
Need more commands? Read the CLI Reference.
Common Workflows
Goal | Command | What You Get | More Detail
First dead-code scan | | Finds unused functions, classes, imports, files, and framework entrypoint mistakes |
Deterministic cleanup preview | | Shows safe import/function removals before writing; add |
Security and quality audit | | Adds dangerous flow, secrets, dependency, config, and quality checks |
PR gate | | Generates a GitHub Actions workflow with annotations and failure thresholds |
Readable terminal report | | Groups findings by file with severity badges, snippets, and copyable |
Selectable terminal triage | | Opens a keyboard-driven category list, finding list, and detail pane |
IDE/test-script output | | Prints only |
In-loop AI-code verification | | Returns narrow JSON for hallucinated helpers, unfinished code, stale references, disabled controls, and API/dependency hallucinations |
Changed-lines review | | Keeps findings focused on active work instead of legacy debt |
Runtime-assisted dead-code check | | Uses runtime traces to reduce dynamic-code false positives |
Local rule pack | | Scaffolds YAML rules for project-specific security and quality checks |
Security agent quick scan | | One-shot LLM security audit; compatibility alias for |
Security agent deep scan | | Three-stage security workflow with threat-model context, static threat traces, discovery/validation, and remediation handoff |
AI-assisted review | | Static analysis plus optional LLM review and fix suggestions |
Verification-backed remediation | | Re-scans fixed security findings and records proof-test metadata for supported fixes |
MCP agent verification | | Lets Claude, Cursor, and other MCP clients verify an edited file/range with the same schema as |
LLM app defense | | Finds missing AI app guardrails mapped to OWASP LLM risks |
Technical debt triage | | Ranks hotspots and debt trends |
What Skylos Catches
Category | Examples | Why It Matters |
Dead code | unused functions, classes, imports, package entrypoints, route handlers | reduces maintenance cost without breaking dynamic frameworks |
Security flaws | SQL injection, XSS, SSRF, path traversal, command injection, unsafe deserialization | catches exploitable flows before code reaches main |
Secrets | API keys, tokens, private credentials, high-entropy strings | prevents credentials from leaking through commits and PRs |
CI/CD workflows | GitHub Actions and GitLab CI dangerous triggers, unpinned actions/includes, broad tokens, OIDC misuse, cache poisoning, mutable images | reduces CI/CD supply-chain risk before release jobs run |
Edge deployment config | Docker Compose privileged device access, host networking, systemd root services, broad capabilities, missing sandboxing | catches repo-controlled settings that turn app bugs into device compromise |
Quality regressions | complexity, deep nesting, duplicate branches, long functions, inconsistent returns | keeps AI-assisted refactors from adding brittle code |
AI code mistakes | phantom security calls, missing decorators, unfinished stubs, disabled controls, real packages called with invented APIs, impossible npm/Go versions | catches common hallucinated or incomplete code paths before they reach review |
LLM app risks | unsafe tool use, prompt injection exposure, missing output validation, missing rate limits | helps teams ship AI features with guardrails |
See the full Rules Reference.
How Skylos Fits
Skylos is not a replacement for every specialized scanner. It is a local-first repo and PR checker that puts several common review checks behind one CLI.
Framework-aware dead code detection: FastAPI, Django, Flask, pytest, SQLAlchemy, Next.js, React, package entrypoints, and common plugin patterns.
PR-focused output: diff scanning, CI thresholds, GitHub annotations, and baselines for existing findings.
Local-first operation: core static analysis does not require cloud upload or LLM calls.
AI-assisted change review: checks for removed validation, auth, logging, CSRF, rate limiting, timeouts, real-package API hallucinations, and other guardrails in generated or edited code.
Agent-loop verification: skylos verify and MCP verify_change return versioned JSON for only AI-code trust findings, so coding agents can self-correct before a human sees the change.
Verification-backed remediation: security fixes are checked by re-running analysis, and supported findings can include targeted regression-test proof metadata.
Project-specific rules: add local YAML rules and extend prompt, credential, sensitive-file, and timeout dictionaries from config.
One command surface: dead code, security, secrets, dependency, quality, technical debt, agent review, and AI defense commands share the same CLI.
Install Options
# Core static analysis
pip install skylos
# LLM-powered agent workflows
pip install "skylos[llm]"
# All published optional extras
pip install "skylos[all]"
Container image:
docker pull ghcr.io/duriantaco/skylos:latest
docker run --rm -v "$PWD":/work -w /work ghcr.io/duriantaco/skylos:latest . --json --no-provenance
See Installation for source installs, container usage, and optional dependencies.
Configure Templates And Vibe Checks
Run skylos init to add these sections to pyproject.toml:
[tool.skylos.templates]
# security = ".skylos/templates/security.md"
# quality = ".skylos/templates/quality.md"
# security_audit = ".skylos/templates/security_audit.md"
# review = ".skylos/templates/review.md"
[tool.skylos.vibe]
extra_phantom_names = ["verify_enterprise_auth"]
extra_phantom_decorators = ["tenant_admin_required"]
extra_credential_names = ["tenant_signing_secret"]
extra_network_timeout_calls = ["vendor_sdk.fetch"]
[tool.skylos.dead_code]
# entrypoints = []  # use either this empty list or the [[...]] rule tables below; TOML rejects a static array that is later extended by array tables
[[tool.skylos.dead_code.entrypoints]]
type = "method"
name = ["create", "pre_hook", "post_hook"]
parent = { name = "Main", base_classes = ["Application"] }
path = "src/**"
reason = "project framework lifecycle hook"
[tool.skylos.contribution]
collect_local_signals = false
contribute_public_corpus = false
structural_signatures_only = true
include_source = false
Template files extend Skylos' built-in prompts; they do not replace the
JSON-only output contract or untrusted-code safety rules. Vibe dictionary
extensions let teams teach Skylos about local fake-auth helpers, project
credential names, sensitive files, and network calls that must set timeouts.
Dead-code entrypoints let teams mark proprietary framework classes, lifecycle
methods, and decorator-registered functions as live using precise rules for
type, name, path, decorators, base classes, and parent classes.
Rules must include a symbol selector such as name, decorators,
base_classes, or parent; path and module only narrow the match.
Contribution signals are off by default; when enabled, Skylos records local
structural accept/dismiss/learn events under .skylos/contribution/ without raw
source.
By default Skylos discovers [tool.skylos] in pyproject.toml by walking up
from the scan path. To use a dedicated TOML config, pass --config-file PATH
or set SKYLOS_CONFIG_FILE; standalone files may use either [tool.skylos]
or top-level [skylos]. Synced Skylos Cloud policy keeps its protected
precedence over repository-controlled config.
Language Support
Language | Dead Code | Security | Quality | Notes |
Python | Yes | Yes | Yes | strongest coverage; framework-aware static analysis and optional tracing |
TypeScript / JavaScript | Yes | Yes | Yes | Tree-sitter parsing, package graph reachability, framework conventions |
Java | Yes | Yes | Yes | Tree-sitter parsing and structured security-flow analysis |
Go | Yes | Partial | Partial | dead-code and selected security benchmark coverage |
PHP | Yes | Yes | Partial | PHP parser coverage plus taint-style security sinks and sources |
Rust | Yes | Yes | Partial | Rust parser coverage plus security sink/source checks |
Dart | Yes | Yes | Partial | Dart parser coverage plus selected security sinks and sources |
C# | Yes | Yes | Partial | C# symbol coverage plus selected ASP.NET, process, SQL, HTTP, and file sinks |
Shell | No | Yes | Partial | shell-script security checks for command injection, SSRF, and path traversal |
See Rules Reference for rule families and scanner scope.
Config And Deployment Support
Surface | Files | Security Scope
GitHub Actions | | dangerous triggers, token permissions, unpinned actions, template injection, secrets, OIDC, cache, and artifact policy
GitLab CI | | mutable images, unpinned includes, literal secrets, untrusted eval, Docker-in-Docker, OIDC, cache, timeout, and runner-tag policy
Dockerfile | | dangerous
Edge Docker Compose | | privileged containers, broad host device/control mounts, GPU/device runtime, and host networking
Edge systemd | | root edge services, mutable
Benchmark Snapshot
Skylos has checked-in regression benchmarks for dead code, security, quality, and agent review. These are strict regression gates, not broad proof that any tool is universally state of the art.
Suite | Current Skylos Result | Baseline |
Dead code regression | 16 cases, TP=36 FP=0 FN=0 TN=59, score 100.0 | Ruff score 62.67; Vulture not installed in latest local rerun |
Security regression | 56 cases, TP=35 FP=0 FN=0 TN=23, score 100.0 | Bandit score 47.14 on Python-applicable cases |
Quality regression | 13 cases, score 100.0 | regression gate only |
Agent review | 25 cases, score 100.0 | regression gate only |
AI-code defect regression | curated verifier cases for hallucinated references, package APIs, and dependency versions | run |
Frozen golden-v0.2 highlights:
Frozen Suite | Skylos Result | Caveat |
Dead code seeded dev | overall score 96.28; TS/JS/Go/Java score 100.0; Python score 93.33 | Python residuals are label-review items |
Security seeded dev | overall score 96.52; full recall with one Python | label should be reviewed |
OWASP Java security dev | TP=105 FP=0 FN=15 TN=120, score 94.37 | request-wrapper, LDAP, XPath, and property weak-hash gaps remain |
Quality seeded dev | TP=1 FP=0 FN=0 TN=1, score 100.0 | one seeded case only |
For methodology, commands, competitor rows, and caveats, see BENCHMARK.md.
Project Evidence
Skylos-assisted dead-code cleanup PRs have been merged in Black, NetworkX, Optuna, mitmproxy, pypdf, beets, and Flagsmith. These are accepted cleanup PRs, not project endorsements. See Real-World Results.
A local Astronomer scan on April 26, 2026 computed 420 stargazers and returned overall trust: A. StarGuard also reported low fake-star risk.
Integrations
Integration | Link | Purpose
GitHub Action | | PR gates, annotations, and CI enforcement
VS Code extension | | in-editor findings and AI-assisted fixes
MCP server | | expose Skylos scans to AI agents and coding assistants
Docker image | | run Skylos without a local Python install
Skylos Cloud | | optional upload and dashboard workflows
Generate a GitHub Actions workflow from the CLI:
skylos cicd init --upload
skylos cicd init --upload --scan-path apps/api
The generated upload workflow uses GitHub OIDC, sends PR head commit/branch
metadata, and supports monorepo subprojects through --scan-path.
Documentation Map
Need | Read This |
Install options, source install, and Docker | |
First scan and core workflows | |
CLI commands, flags, and examples | |
CLI output modes, pretty reports, and TUI controls | |
CI setup, PR gates, annotations, and branch protection | |
Dead-code behavior and framework awareness | |
Security scanning and taint analysis | |
Rule ID prefixes and product terminology | |
Agent scan, verification, remediation, and model setup | |
AI defense checks and LLM guardrails | |
MCP server setup | |
Real-world merged cleanup PRs | |
Baselines, filtering, suppressions, and whitelists | |
Smart tracing | |
Rule families and language support | |
Cloud uploads and dashboard flow | |
VS Code extension | |
Benchmarks and methodology | |
Security policy | |
Release process | |
Contribution priorities | |
Contributing |
Common Questions
Does Skylos replace Bandit, Semgrep, CodeQL, or Vulture?
No. Skylos can run alongside them. It focuses on framework-aware dead-code signal, PR gating, AI-era regression checks, and a combined workflow across dead code, security, secrets, and quality.
Does Skylos require an LLM?
No. Core static analysis runs locally without API keys. LLM features are
optional through skylos[llm] and agent commands.
Can I use it only on changed code?
Yes. Use skylos . -a --diff origin/main locally or configure CI gates to focus
on new findings.
How should I handle intentional dynamic code?
Use baselines, whitelists, inline suppressions, or runtime tracing. See the configuration docs and smart tracing docs.
Contributing And Support
Report security issues through SECURITY.md.
Open bugs and false-positive reports with minimal repros.
Check ROADMAP.md for useful contribution areas.
Read CONTRIBUTING.md before sending a pull request.
See QUALITY.md for project quality and gate expectations.
Join the Discord for community support.
License
Skylos is licensed under the Apache License 2.0.