duriantaco/skylos

by Various

Open source local-first PR scanner that finds dead code, security bugs, secrets, quality regressions, and AI-code mistakes before merge. For first timers refer to https://duriantac

Added 1 June 2026

#ai-agents #ai-code-review #ai-generated-code #code-quality #code-scanning #dart #dead-code #dead-code-detection

Overview

Open source PR scanner that runs locally to detect dead code, security bugs, secrets, quality regressions, and errors in AI-generated code before merge. Written in Python and designed to be triggered on pull requests, it provides an offline, privacy-preserving alternative to cloud-based scanning tools.

Best for

Teams wanting a self-hosted, privacy-focused pre-merge check that catches security and quality issues in pull requests

Use cases

  • Catching security vulnerabilities and leaked secrets in pull requests before deployment
  • Identifying dead code and quality regressions during code review
  • Detecting mistakes in AI-generated code commits

Notes

446 stars on GitHub. Last updated 2026-05-30. Licensed Apache-2.0.

Pros

  • Local-first design keeps code and scan results private without external data transfer
  • Addresses multiple issue categories in a single scan (security, quality, AI code errors)
  • Free and open source with no licensing costs

Cons

  • Requires Python runtime and manual setup on the developer’s machine or CI runner
  • Smaller community and fewer integrations compared to established commercial scanners
  • May need tuning to avoid false positives or cover project-specific rules

Indexed from awesome-mcp-servers-punkpeye and enriched against its public facts.
