Skylos
Let your agent scan Python, TypeScript, and Go repos for dead code, leaked secrets, and security smells before you merge or ship.
Overview
Skylos is a MCP server for the Ship phase that scans Python, TypeScript, and Go for dead code, secrets, and security-related quality issues from your agent.
What is this MCP server?
- Dead-code detection across Python, TypeScript, and Go in one MCP stdio server (PyPI package skylos, v3.5.10).
- Security and secrets detection tuned for agent-driven refactors and bulk edits.
- Code-quality signals alongside security so you trim unused paths before they hide vulnerabilities.
- Stdio transport with optional SKYLOS_API_KEY for cloud-backed Skylos features.
- Fits ship-phase review loops without leaving Claude Code, Cursor, or Codex.
- MCP server version 3.5.10 on PyPI identifier skylos.
- Languages called out: Python, TypeScript, Go.
- Transport: stdio; optional SKYLOS_API_KEY secret env var.
Community signal: 450 GitHub stars.
What problem does it solve?
Agent-written multi-language repos hide unused code, accidental secrets, and security debt that you only notice after a bad deploy.
Who is it for?
Indie developers shipping Python/TS/Go stacks who want agent-triggered security and cleanup passes in the same session as code changes.
Skip if: Teams that only need runtime monitoring, non-Python/TS/Go codebases, or fully managed enterprise SAST with signed compliance attestations.
What do I get? / Deliverables
After you register the Skylos MCP server, your agent can run structured scans so you fix dead code and exposure risks before release.
- Agent-callable findings on dead code, security issues, and quality signals per scan.
- Repeatable pre-ship security pass across Python, TypeScript, and Go without a separate UI.
- Actionable issue lists you can turn into fixes in the same coding session.
Recommended MCP Servers
Journey fit
How it compares
MCP-backed static analysis hooks for agents, not a standalone IDE plugin or runtime APM.
Common Questions / FAQ
Who is io.github.duriantaco/skylos for?
Solo and small-team builders using Claude Code, Cursor, or Codex on Python, TypeScript, or Go who want security, secrets, and dead-code checks inside the agent workflow.
When should I use io.github.duriantaco/skylos?
Use it before merges and releases, after large refactors or AI-generated patches, and when you suspect stale or risky code paths in a polyglot repo.
How do I add io.github.duriantaco/skylos to my agent?
Install the PyPI package skylos (v3.5.10), configure stdio MCP in your host, and set SKYLOS_API_KEY if your Skylos workspace requires cloud authentication.