Skylos

A hybrid SAST and dead code detection tool for Python, TypeScript, and Go that combines AST-based static analysis with optional LLM-powered remediation, offering framework-aware false-positive reduction and CI/CD integration.

Evaluated Mar 01, 2026 (version: latest)
Category: Developer Tools
Tags: sast, dead-code, python, typescript, go, security, mcp, ci-cd, ai-agents, ast, taint-analysis

Scores

  • Agent Friendliness (Can an agent use this?): 74 / 100
  • Security (Is it safe for agents?): 70 / 100
  • Reliability (Does it work consistently?): N/A, not evaluated

Best When

You maintain a Python, TypeScript, or Go codebase and need a framework-aware dead code remover and security scanner that minimizes false positives and integrates with CI/CD.

Avoid When

You need broad multi-language SAST coverage (Java, C#, Ruby, etc.) or require a SOC 2-certified commercial SAST solution.

Use Cases

  • Detect and safely remove dead code (unused functions, orphan classes, unused imports) from Python, TypeScript, and Go codebases
  • Run security scans for SQL injection, XSS, command injection, secrets, and SSRF vulnerabilities with low false-positive rates
  • Automate code remediation and PR creation using AI agents connected via the MCP server interface
  • Enforce quality gates in CI/CD pipelines with GitHub Actions integration and inline PR annotation
  • Audit large legacy codebases to reduce maintenance burden while preserving framework-required code (pytest fixtures, FastAPI routes)

Not For

  • Languages beyond Python, TypeScript/TSX, and Go — multi-language polyglot projects need additional tools
  • Teams wanting a fully managed SaaS SAST tool — Skylos is self-hosted
  • Runtime security monitoring — Skylos is static analysis only (no RASP or DAST capabilities)

Scores are editorial opinions as of 2026-03-01.