Basic Usage

skylos <path> [options]
The <path> argument can be a directory (scans recursively) or a single file.

Commands

skylos init

Initialize Skylos configuration in the current directory.
skylos init
Creates or appends a [tool.skylos] section to pyproject.toml with default settings.

skylos run

Start the local analysis server with a web UI.
skylos run [--exclude-folder <folder>] [--include-folder <folder>] [--no-default-excludes]
Launches a Flask server at http://localhost:5000 for interactive analysis. Requires flask and flask-cors.

skylos <path>

Run static analysis on the specified path.
skylos . --danger --quality

Output Options

Flag                  Description
--json                Output raw JSON to stdout
--output, -o <file>   Write results to a file
--tree                Display findings in a hierarchical tree format
--table               (Deprecated) Display findings in table format

Analysis Flags

Flag                    Description
--danger                Enable security vulnerability scanning
--secrets               Enable API key and secret detection
--quality               Enable code quality checks (complexity, nesting, etc.)
--trace                 Run tests with call tracing to capture dynamic dispatch (visitor patterns, getattr, plugins)
--confidence, -c <int>  Confidence threshold (0-100). Lower values include more uncertain findings. Default: 60

Folder Exclusion

Flag                       Description
--exclude-folder <folder>  Exclude a folder from analysis. Can be used multiple times.
--include-folder <folder>  Force include a folder that would otherwise be excluded.
--no-default-excludes      Do not exclude default folders (__pycache__, .git, venv, etc.)
--list-default-excludes    Print the default excluded folders and exit

Example:
# Exclude tests and migrations, but include venv
skylos . --exclude-folder tests --exclude-folder migrations --include-folder venv

Interactive Mode

Flag               Description
--interactive, -i  Interactively select which findings to act on
--dry-run          Show what would be removed without making changes
--comment-out      Comment out dead code instead of deleting it

Interactive mode requires the inquirer package.

AI-Powered Features

Flag             Description
--fix            Use AI to automatically fix detected issues
--audit          Deep scan files using AI for logic and security review
--model <model>  Specify the LLM model (default: gpt-4.1). Use claude-* for Anthropic models.

These features require an API key. Skylos checks:
  1. Environment variables (OPENAI_API_KEY or ANTHROPIC_API_KEY)
  2. System keyring (saved from previous sessions)
  3. Interactive prompt (if neither is found)
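
An added example, not part of the Skylos documentation or code: a POSIX shell preflight for CI jobs that use --audit or --fix, which fails fast when the API key is missing from the environment instead of falling through to the keyring or the interactive prompt. The function names and the pairing of claude-* models with ANTHROPIC_API_KEY (every other model with OPENAI_API_KEY) are assumptions.

```shell
#!/bin/sh
# Added example: CI preflight for the Skylos AI features (--fix / --audit).
# Assumption: a claude-* model reads ANTHROPIC_API_KEY and any other model
# reads OPENAI_API_KEY; the page lists both variables without pairing them.

# Print the name of the environment variable expected for a model.
skylos_key_var() {
    case "$1" in
        claude-*) echo "ANTHROPIC_API_KEY" ;;
        *)        echo "OPENAI_API_KEY" ;;
    esac
}

# Return 0 if the key for the model is set and non-empty, 1 otherwise.
# Only the variable name is ever printed, never its value.
skylos_preflight() {
    pf_model="${1:-gpt-4.1}"               # gpt-4.1 is the documented default
    pf_var="$(skylos_key_var "$pf_model")"
    # pf_var is one of two fixed names from skylos_key_var, so eval is safe.
    eval "pf_val=\${$pf_var:-}"
    if [ -z "$pf_val" ]; then
        unset pf_val
        echo "skylos preflight: $pf_var is not set for model $pf_model" >&2
        return 1
    fi
    unset pf_val
    return 0
}

# Run an audit only when the preflight passes, so an unattended job never
# reaches the keyring lookup or the interactive prompt.
skylos_ci_audit() {
    ci_path="$1"
    ci_model="${2:-gpt-4.1}"
    skylos_preflight "$ci_model" || return 1
    skylos "$ci_path" --audit --model "$ci_model"
}
```

In a pipeline, call skylos_ci_audit . claude-sonnet-4-20250514 after injecting the key from the CI secret store; its return status is either the preflight failure (1) or Skylos's own exit code.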

Runtime Analysis

Flag     Description
--trace  Run pytest with sys.settrace() to record all function calls, reducing false positives from dynamic code

When to Use --trace

Use --trace when static analysis flags code you know is used:
  • Visitor patterns (visit_FunctionDef called via getattr)
  • Plugin hooks (pytest_configure, pytest_addoption)
  • Dynamic dispatch (getattr(obj, method_name)())
skylos . --trace
The .skylos_trace file is saved in your project root. Commit it to skip re-running tests on subsequent scans.

Quality Gate

skylos <path> --gate [command...]
Flag    Description
--gate  Run as a quality gate. Blocks if thresholds are exceeded.

If the gate passes, Skylos either runs the provided command or launches the deployment wizard. If the gate fails, it shows the reasons and (unless strict = true) offers a bypass prompt.

Example:
skylos . --danger --gate npm run deploy

Other Options

Flag           Description
--version      Print version and exit
--verbose, -v  Enable verbose logging

Exit Codes

Code  Meaning
0     Success (no issues or gate passed)
1     Failure (analysis error or gate failed)

Examples

Basic dead code scan:
skylos .
Full analysis with JSON output:
skylos . --danger --secrets --quality --json -o report.json
Interactive cleanup:
skylos . -i --dry-run
CI/CD gate that blocks on critical issues:
skylos . --danger --quality --gate
AI-powered audit of changed files:
skylos . --audit --model claude-sonnet-4-20250514