Catch risky AI code before it reaches main

Run Skylos locally for free to catch dead code, secrets, risky AI changes, and technical-debt hotspots. Add Cloud when your team needs history, PR evidence, and shared triage.

No login for local scans. Try skylos . -a on one repo first.

Dead code · Secrets · Removed controls · Agents · Technical debt · PR gates · Claude Code output · Cursor changes
Local-first proof before Cloud rollout

What each tier is actually for

Free finds the issue. Cloud makes the team act on it.

Use the OSS CLI to prove signal on one repo. Pay when findings need history, owners, exports, PR evidence, and shared review.

Free OSS CLI

For proving signal locally

The scanner stays free. Use it before commit, in CI, or inside agent workflows without uploading code.

  • Local scans, no login
  • Dead code, security, secrets, quality, debt
  • Diff review, agents, MCP, CI gates

Recommended for teams

Cloud Workspace

$9 starter pack, 50 credits

The paid layer turns CLI output into a shared workflow: stored scans, owners, exceptions, integrations, and PR evidence.

  • 10 projects, 500 stored scans, 90-day history
  • Trends, compare, exports, provenance detail
  • Exceptions, team workflow, Slack, Discord, PR comments

Enterprise

For scale, retention, audit

For teams that need higher limits, longer memory, audit exports, and predictable usage across many repos.

  • 9,999 projects, 10,000 stored scans, 365-day history
  • Unlimited credits and custom rule scale
  • Provenance compliance audit export

No more mystery credits

What 50 credits covers

Enough for 50 uploads, 25 comparisons, 16 PR auto-fix actions, 10 AI triage actions, or 5 MCP remediations.

  • 50 scan uploads
  • 25 scan comparisons
  • 16 PR auto-fix actions
  • 10 AI triage actions
  • 5 MCP remediations

What it catches

What teams use Skylos to catch

Not style linting. Real mistakes that slip through busy AI-assisted reviews.

Removed security controls

Auth decorators, CSRF checks, rate limits, and other controls removed by refactors.

Hallucinated AI code

Hallucinated imports, phantom calls, insecure defaults, and hardcoded secrets.

Dead code in real Python apps

Lower-noise checks for Django, Flask, FastAPI, Pydantic, and pytest.

Local scan to PR gate

Run locally first; add GitHub Actions only after the signal is useful.

Benchmark

Benchmark: Skylos vs Vulture

A FastAPI + Pydantic repo seeded with 29 known dead-code bugs.

Test Methodology

Both tools scanned the same service architecture:

  • 29 seeded bugs: unused imports, functions, and variables.
  • Framework magic: FastAPI routers, Pydantic models, and pytest fixtures.

The Takeaway

Skylos found 29/29 seeded issues. Vulture found 24/29.

Tradeoff: Skylos spends ~1.6s for deeper AST context; Vulture finishes in ~0.1s.

Metric                                          Skylos     Vulture
True Positives (correctly found dead code)      29 / 29    24 / 29
False Negatives (missed bugs; lower is better)  0          5
Precision (accuracy of findings)                70.7%      50.0%
Recall (detection rate)                         100%       82.8%
Execution Time                                  1.67s      0.10s

* Benchmark data collected Feb 2026 on Apple Silicon M3.

Rollout path

Try one repo first.

Add CI only after the local scan finds useful signal.

1. Install CLI

$ pip install skylos

No login or repo connection.

2. Run your first scan

$ skylos . -a

Check a repo you already care about.

3. Add PR gates when ready

$ skylos cicd init

Block risky merges after Skylos earns trust.

Objections

Frequently Asked Questions

Is Skylos free?

Yes. The CLI runs locally without login. Cloud is paid for shared history, scan comparison, PR evidence, collaboration, and governance.

What do teams get when they pay for Skylos Cloud?

Teams pay for workflow around scan results: uploaded history, run comparison, shared triage, exceptions, exports, Slack or Discord alerts, PR workflows, and cloud AI actions.

How long do 50 Skylos credits last?

50 credits can cover 50 scan uploads, 25 scan comparisons, 16 PR auto-fix actions, 10 AI triage actions, or 5 MCP remediations. Heavy cloud AI use burns faster.

Is Skylos a replacement for SonarQube, Semgrep, GitHub Advanced Security, or Snyk?

Usually no. Keep those tools. Use Skylos beside them for AI-heavy repos, removed controls, dead code, technical debt, and changed-code regressions.

Does Skylos include agents and technical debt analysis?

Yes. The CLI includes agent workflows and technical debt triage. Cloud tracks those results over time and makes them easier to share.

Can Skylos review Claude Code, Cursor, Codex, or Copilot output?

Yes. Run Skylos before commit or in CI to catch removed validation, auth checks, rate limits, secrets handling, and other risky AI changes.

Pricing

Pick the layer you actually need.

Free is for local signal. Cloud is for team memory. Enterprise is for scale, retention, and audit evidence.

Free OSS CLI

For one developer or one repo proving whether Skylos catches useful signal.

$0
  • Local scans with no login
  • Dead code, secrets, security, quality, debt
  • Diff review, CI gate, agents, MCP, AI defense
  • Best when terminal output is enough

Team starter

Cloud Workspace

For teams that need shared history, review workflow, and evidence across repos.

$9 / 50 credits
50 credits can cover

50 scan uploads, 25 comparisons, 16 PR auto-fix actions, 10 AI triage actions, or 5 MCP remediations.

  • 10 projects and 500 stored scans
  • 90-day history, full trends, compare
  • PR comments, SARIF, exports, integrations
  • Exceptions, overrides, team collaboration
  • Credits meter cloud actions only

Enterprise Rollout

For teams that need predictable usage, longer retention, and compliance-friendly audit exports.

Custom
  • Everything in Team
  • Unlimited credits
  • 9,999 projects and 10,000 stored scans
  • 365-day retention and higher API limits
  • Provenance compliance audit export

Start with the free CLI.

Add Cloud when reviewers need history, evidence, and shared triage.