Enterprise DNA
M MCP Servers Developer low

duriantaco/skylos

by Various

Open source local-first PR scanner that finds dead code, security bugs, secrets, quality regressions, and AI-code mistakes before merge. For first timers refer to https://duriantac

D

MCP

duriantaco/skylos

Added 1 June 2026

#ai-agents #ai-code-review #ai-generated-code #code-quality #code-scanning #dart #dead-code #dead-code-detection

Overview

Open source PR scanner that runs locally to detect dead code, security bugs, secrets, quality regressions, and errors in AI-generated code before merge. Written in Python and designed to be triggered on pull requests, it provides an offline, privacy-preserving alternative to cloud-based scanning tools.

Best for

Best for
Teams wanting a self-hosted, privacy-focused pre-merge check that catches security and quality issues in pull requests

Use cases

  • Catching security vulnerabilities and leaked secrets in pull requests before deployment
  • Identifying dead code and quality regressions during code review
  • Detecting mistakes in AI-generated code commits

How to use

Install

pip install skylos

Tools exposed

  • verify_change
  • verify_agent

Tested with

Claude Desktop, Cursor

Notes

Open source PR scanner that runs locally to detect dead code, security bugs, secrets, quality regressions, and errors in AI-generated code before merge. Written in Python and designed to be triggered on pull requests, it provides an offline, privacy-preserving alternative to cloud-based scanning tools.

446 stars on GitHub. Last updated 2026-05-30. Licensed Apache-2.0.

Use cases

  • Catching security vulnerabilities and leaked secrets in pull requests before deployment
  • Identifying dead code and quality regressions during code review
  • Detecting mistakes in AI-generated code commits

Pros

  • Local-first design keeps code and scan results private without external data transfer
  • Addresses multiple issue categories in a single scan (security, quality, AI code errors)
  • Free and open source with no licensing costs

Cons

  • Requires Python runtime and manual setup on the developer’s machine or CI runner
  • Smaller community and fewer integrations compared to established commercial scanners
  • May need tuning to avoid false positives or cover project-specific rules

Indexed from awesome-mcp-servers-punkpeye and enriched against its public facts.

Pros

  • Local-first design keeps code and scan results private without external data transfer
  • Addresses multiple issue categories in a single scan (security, quality, AI code errors)
  • Free and open source with no licensing costs

Cons

  • Requires Python runtime and manual setup on the developer's machine or CI runner
  • Smaller community and fewer integrations compared to established commercial scanners
  • May need tuning to avoid false positives or cover project-specific rules

Pairs with

Other entries in the index that connect to this one. Click through to see the chain.

Free 27-page guide

Get the free Developer’s Field Guide

A 27-page field guide to the AI coding workflow with Claude. Claude Code, MCP servers, the prompt patterns that work, and what to delegate. Free.

Enter your work email. We send it straight over, plus a few short notes worth knowing. Unsubscribe any time.

No spam. Unsubscribe any time.

Running a business, not writing the code? See the MCP servers picked for operators, and get your first one wired up with us.

Operator picks