duriantaco/skylos
by Various
Open source local-first PR scanner that finds dead code, security bugs, secrets, quality regressions, and AI-code mistakes before merge. For first timers refer to https://duriantac
MCP
duriantaco/skylos
Added 1 June 2026
Overview
Open source PR scanner that runs locally to detect dead code, security bugs, secrets, quality regressions, and errors in AI-generated code before merge. Written in Python and designed to be triggered on pull requests, it provides an offline, privacy-preserving alternative to cloud-based scanning tools.
Best for
Best for
Teams wanting a self-hosted, privacy-focused pre-merge check that catches security and quality issues in pull requests
Use cases
- Catching security vulnerabilities and leaked secrets in pull requests before deployment
- Identifying dead code and quality regressions during code review
- Detecting mistakes in AI-generated code commits
How to use
Install
pip install skylos Tools exposed
verify_changeverify_agent
Tested with
Claude Desktop, Cursor
Notes
Open source PR scanner that runs locally to detect dead code, security bugs, secrets, quality regressions, and errors in AI-generated code before merge. Written in Python and designed to be triggered on pull requests, it provides an offline, privacy-preserving alternative to cloud-based scanning tools.
446 stars on GitHub. Last updated 2026-05-30. Licensed Apache-2.0.
Use cases
- Catching security vulnerabilities and leaked secrets in pull requests before deployment
- Identifying dead code and quality regressions during code review
- Detecting mistakes in AI-generated code commits
Pros
- Local-first design keeps code and scan results private without external data transfer
- Addresses multiple issue categories in a single scan (security, quality, AI code errors)
- Free and open source with no licensing costs
Cons
- Requires Python runtime and manual setup on the developer’s machine or CI runner
- Smaller community and fewer integrations compared to established commercial scanners
- May need tuning to avoid false positives or cover project-specific rules
Indexed from awesome-mcp-servers-punkpeye and enriched against its public facts.
Pros
- Local-first design keeps code and scan results private without external data transfer
- Addresses multiple issue categories in a single scan (security, quality, AI code errors)
- Free and open source with no licensing costs
Cons
- Requires Python runtime and manual setup on the developer's machine or CI runner
- Smaller community and fewer integrations compared to established commercial scanners
- May need tuning to avoid false positives or cover project-specific rules
Pairs with
Other entries in the index that connect to this one. Click through to see the chain.
Get the free Developer’s Field Guide
A 27-page field guide to the AI coding workflow with Claude. Claude Code, MCP servers, the prompt patterns that work, and what to delegate. Free.
Enter your work email. We send it straight over, plus a few short notes worth knowing. Unsubscribe any time.