duriantaco/skylos
High-precision Python SAST & Dead Code Remover. Finds unused functions, secrets, and security flaws with hybrid static analysis + local LLM agents. Privacy-first & low noise. MCP server for SAST too. Docs: https://docs.skylos.dev/
Skylos helps software development teams find and remove unused code, identify security vulnerabilities like hardcoded secrets and exploitable flows, and detect security regressions, especially those introduced by AI coding assistants. It takes your Python, TypeScript, or Go codebase as input and outputs clear findings, flagging issues directly in your pull requests. This tool is for software developers, engineering managers, and security engineers.
330 stars. Available on PyPI.
Use this if you need a comprehensive tool to improve code quality, enhance security posture, and efficiently manage technical debt in your Python, TypeScript, or Go projects, particularly when using AI coding assistants.
Not ideal if you are looking for a runtime application security testing (RASP) tool or a solution exclusively for dynamic analysis.
Stars
330
Forks
10
Language
Python
License
Apache-2.0
Category
Last pushed
Mar 11, 2026
Commits (30d)
0
Dependencies
14
Get this data via API
curl "https://pt-edge.onrender.com/api/v1/quality/mcp/duriantaco/skylos"
Open to everyone — 100 requests/day, no key needed. Get a free key for 1,000/day.
Related servers
Wh0am123/MCP-Kali-Server
MCP configuration to connect AI agent to a Linux machine.
DMontgomery40/pentest-mcp
NOT for educational purposes: An MCP server for professional penetration testers including...
BurtTheCoder/mcp-shodan
MCP server for Shodan — search internet-connected devices, IP reconnaissance, DNS lookups, and...
cyproxio/mcp-for-security
MCP for Security: A collection of Model Context Protocol servers for popular security tools like...
0x4m4/hexstrike-ai
HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot,...