Config is the same across clients — only the file and path differ.
{
  "mcpServers": {
    "io-github-duriantaco-skylos": {
      "args": [
        "skylos"
      ],
      "command": "uvx"
    }
  }
}
Run this in your terminal to verify the server starts.
uvx 'skylos' 2>&1 | head -1 && echo "✓ Server started successfully"
No known CVEs.
Checked skylos against OSV.dev.
Skylos is an open-source static analysis CLI for Python, TypeScript, JavaScript, Java, Go, Kotlin, PHP, Rust, Dart, C#, Shell, and deployment config. It runs locally by default and can also be used as a CI/CD PR gate.
Use Skylos when you want one command to check a repo or pull request for:
pip install skylos
skylos .
The default scan focuses on dead code. Add security, secrets, quality,
dependency, and AI-defect checks with -a:
skylos . -a
Run only evidence-backed AI defect checks with:
skylos . --ai-defects
Verify a changed file or range before an agent hands it to review:
skylos verify . --file src/app.py --range 40:75 --project-context
Create a local AI hallucination contract for repo-specific generated-code
truth. skylos verify auto-discovers .skylos/ai-contract.yml:
skylos contract init
skylos contract inspect
skylos verify .
Create a project config with thresholds, ignores, template hooks, and vibe dictionary extensions:
skylos init
Create a starter local rule pack:
skylos rules init
skylos rules validate .skylos/rules/local.yml
skylos rules list --json
skylos rules list cross --json
skylos rules list --packs --json
skylos cache stats
Generate a GitHub Actions PR gate:
skylos cicd init
git add .github/workflows/skylos.yml
git commit -m "Add Skylos CI gate"
git push
Need more commands? Read the CLI Reference.
| Goal | Command | What You Get | More Detail |
|---|---|---|---|
| First dead-code scan | skylos . | Finds unused functions, classes, imports, files, and framework entrypoint mistakes | Dead code docs |
| Deterministic cleanup preview | skylos clean . --dry-run --types import,function --confidence 80 | Shows safe import/function removals before writing; add --apply to edit files | [Dead code docs](ht |