Skylos MCP Server

Local setup required. This server has to be cloned and prepared on your machine before you register it in Claude Code.
1. Set the server up locally

Run this once to clone and prepare the server before adding it to Claude Code.

Run in terminal
pip install skylos

2. Register it in Claude Code

After the local setup is done, run this command to point Claude Code at the built server.

Run in terminal
claude mcp add skylos -- node "<FULL_PATH_TO_SKYLOS>/dist/index.js"

Replace <FULL_PATH_TO_SKYLOS>/dist/index.js with the actual folder you prepared in step 1.

README.md

Find dead code, secrets, and exploitable flows in Python, TypeScript, and Go.

Skylos: Dead Code and Security PR Gate for Modern Codebases

Find dead code, secrets, and exploitable flows in Python, TypeScript, and Go. Add a pull request gate in minutes.



What is Skylos?

Skylos is a local-first scanner for Python, TypeScript, and Go that helps teams catch dead code, secrets, and exploitable flows before they land in main.

The core use case is straightforward: run it locally, add it to CI, and gate pull requests on real findings with GitHub annotations and review comments. Advanced features like AI defense, remediation agents, VS Code, MCP, and cloud upload are available, but you do not need any of them to get value from Skylos.

Start here

| Goal | Command | What you get |
| --- | --- | --- |
| Scan a repo | `skylos . -a` | Dead code, risky flows, secrets, and code quality findings |
| Gate pull requests | `skylos cicd init` | A GitHub Actions workflow with a quality gate and inline annotations |
| Audit an LLM app | `skylos defend .` | Optional AI defense checks for Python LLM integrations |

Why teams adopt it

  1. Better dead code signal on real frameworks: Skylos understands FastAPI, Django, Flask, pytest, Next.js, React, and more, so dynamic code produces less noise.
  2. One workflow instead of three tools: Dead code, security scanning, and PR gating live in the same CLI and CI flow.
  3. Local-first by default: You can keep scans on your machine and add optional AI or cloud features later if you need them.

Why Skylos over Vulture?

| | Skylos | Vulture |
| --- | --- | --- |
| Recall | 98.1% (51/52) | 84.6% (44/52) |
| False Positives | 220 | 644 |
| Framework-aware (FastAPI, Django, pytest) | Yes | No |
| Security scanning (secrets, SQLi, SSRF) | Yes | No |
| AI-powered analysis | Yes | No |
| CI/CD quality gates | Yes | No |
| TypeScript + Go support | Yes | No |

Benchmarked on 9 popular Python repos (350k+ combined stars) + TypeScript (consola). Every finding manually verified. Full case study →

🚀 **New to Skylos? Start with CI/CD Integration**

# Generate a GitHub Actions workflow in 30 seconds
skylos cicd init

# Commit and push to activate
git add .github/workflows/skylos.yml && git push

What you get:

  • Automatic dead code detection on every PR
  • Security vulnerability scanning (SQLi, secrets, dangerous patterns)
  • Quality gate that fails builds on critical issues
  • Inline PR review comments with file:line links
  • GitHub Annotations visible in the "Files Changed" tab

No configuration needed - works out of the box with sensible defaults. See CI/CD section for customization.


Tools (2)

  • scan: Scans the codebase for dead code, security vulnerabilities, and quality issues.
  • defend: Performs AI defense checks for Python LLM integrations.

Configuration

claude_desktop_config.json
{"mcpServers": {"skylos": {"command": "skylos", "args": ["mcp"]}}}

Try it

→ Scan the current directory for any dead code or unused functions.
→ Check my Python project for security vulnerabilities and secrets.
→ Run an AI defense audit on my LLM integration code.
→ Identify any exploitable flows in the TypeScript codebase.

Frequently Asked Questions

What are the key features of Skylos?

Detects dead code in Python, TypeScript, and Go projects. Identifies security vulnerabilities like SQLi and hardcoded secrets. Framework-aware analysis for FastAPI, Django, pytest, and Next.js. Provides AI-powered analysis and remediation suggestions. Supports CI/CD integration with quality gates and PR annotations.

What can I use Skylos for?

Cleaning up legacy codebases by identifying and removing unused functions. Preventing security regressions by gating pull requests with automated scans. Auditing LLM-integrated applications for potential prompt injection or data leaks. Improving code quality in large monorepos with framework-specific analysis.

How do I install Skylos?

Install Skylos by running: pip install skylos

What MCP clients work with Skylos?

Skylos works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.
