skylos

High-precision Python SAST & Dead Code Remover. Finds unused functions, secrets, and security flaws with hybrid static analysis + local LLM agents. Privacy-first & low noise. MCP server for SAST too. Docs: https://docs.skylos.dev/

Installation
Run this command in your terminal to add the MCP server to Claude Code.
claude mcp add --transport stdio duriantaco-skylos python -m skylos.mcp_server

How to use

Skylos is a Python-based static analysis and security auditing tool that integrates with MCP to scan Python projects for dead code, security vulnerabilities, and quality issues. The MCP server exposes Skylos capabilities so you can trigger scans, ingest results, and gate PRs or CI builds with Skylos findings. Typical usage involves running Skylos in a controlled environment (local or CI) and leveraging its CI/CD integration features to automatically analyze code on changes, report dead code, secrets, and other risks, and surface inline review comments in pull requests. The tool can operate with an optional AI-assisted analysis workflow and can be combined with Claude Code Security for parallel vulnerability scanning; results are consolidated in Skylos dashboards for unified visibility.

In practice, you start the MCP server, point your pipelines at Skylos for code scanning, and use the provided CLI commands (e.g., cicd init, agent analyze, and gate) to generate workflows, perform analyses, and enforce quality gates. The integration supports dead code detection, secrets scanning, SQL injection and SSRF checks, and quality gates that fail builds on critical issues. Skylos also offers an out-of-the-box CI/CD workflow generator to quickly bootstrap GitHub Actions and provide PR annotations with file:line references.

How to install

Prerequisites:

  • Python 3.8+ (a virtual environment is recommended)
  • Git

Installation steps:

  1. Create and activate a Python virtual environment:
       python -m venv venv
       source venv/bin/activate   # macOS/Linux
       .\venv\Scripts\activate    # Windows

  2. Install the Skylos MCP server package (PyPI installation assumed):
       pip install skylos

  3. Verify the installation:
       skylos --version   # or: python -m skylos --version

  4. Run the MCP server (example):
       python -m skylos.mcp_server

Optional configuration can be provided via environment variables or a config file as required by your deployment (see additional notes).

Additional notes

Notes and tips:

  • Environment variables: SKYLOS_TOKEN (if using cloud features), SKYLOS_API_URL (if necessary), MCP_PORT (a default is used if not specified).
  • If you run behind a firewall or in a restricted environment, expose the MCP server port to your CI/CD system and configure the MCP client to point to it.
  • For CI/CD integration, Skylos can generate a GitHub Actions workflow (skylos cicd init) and gate results (skylos cicd gate -i results.json).
  • Ensure Python dependencies are pinned in your environment to avoid drift in analysis results, especially for large codebases.
  • When using Claude Code Security integration, you can run Skylos and Claude scans in parallel and view results in a unified dashboard.
