skylos

MCP Tool

duriantaco/skylos

High-precision Python SAST & Dead Code Remover. Finds unused functions, secrets, and security flaws with hybrid static analysis + local LLM agents. Privacy-first & low noise. MCP server for SAST too. Docs: https://docs.skylos.dev/

Install

$ npx loaditout add duriantaco/skylos

Platform-specific configuration:

.claude/settings.json

{
  "mcpServers": {
    "skylos": {
      "command": "npx",
      "args": [
        "-y",
        "skylos"
      ]
    }
  }
}

Add the config above to .claude/settings.json under the mcpServers key.

About

<div align="center"> <h1>Skylos: Dead Code and Security PR Gate for Modern Codebases</h1> <h3>Find dead code, secrets, and exploitable flows in Python, TypeScript, and Go. Add a pull request gate in minutes.</h3> </div>

[](https://codecov.io/gh/duriantaco/skylos) [](https://discord.gg/Ftn9t9tErf)

📖 [Website](https://skylos.dev) · [Documentation](https://docs.skylos.dev) · [Blog](https://skylos.dev/blog) · [VS Code Extension](https://marketplace.visualstudio.com/items?itemName=oha.skylos-vscode-extension)

---

What is Skylos?

Skylos is a local-first scanner for Python, TypeScript, and Go that helps teams catch dead code, secrets, and exploitable flows before they land in main.

The core use case is straightforward: run it locally, add it to CI, and gate pull requests on real findings with GitHub annotations and review comments. Advanced features like AI defense, remediation agents, VS Code, MCP, and cloud upload are available, but you do not need any of them to get value from Skylos.

Start here

| Goal | Command | What you get | |:---|:---|:---| | Scan a repo | skylos . -a | Dead code, risky fl

Reviews

Loading reviews...

Quality Signals

Quality Score5500

336

Stars

Installs

Last updated1 day ago

Security: AREADME

New

skylos

Install

About

Tags

Reviews

Quality Signals

Safety

Details

Embed Badge