by duriantaco
High-precision Python SAST & Dead Code Remover. Finds unused functions, secrets, and security flaws with hybrid static analysis + local LLM agents. Privacy-first & low noise. MCP server for SAST too. Docs: https://docs.skylos.dev/
# Add to your Claude Code skills
git clone https://github.com/duriantaco/skylos
⭐ If Skylos saves you time (or has helped you in any way), please star the repo — it helps a lot.
💬 Join the Discord (support + contributors): https://discord.gg/Ftn9t9tErf
Skylos is a privacy-first SAST tool for Python, TypeScript, and Go that bridges the gap between traditional static analysis and AI agents. It detects dead code, security vulnerabilities (SQLi, SSRF, Secrets), and code quality issues with high precision.
Unlike standard linters (like Vulture or Bandit) that struggle with dynamic Python patterns, Skylos uses a hybrid engine (AST + optional Local/Cloud LLM). This allows it to:
pytest.fixture, FastAPI routes).
--trace mode validates findings against actual runtime execution.
# Generate a GitHub Actions workflow in 30 seconds
skylos cicd init
# Commit and push to activate
git add .github/workflows/skylos.yml && git push
What you get:
No configuration needed - works out of the box with sensible defaults. See CI/CD section for customization.