Static Analysis for LLM Agent Skills

razin

Razin is a local scanner for SKILL.md-defined agent skills. It performs static analysis only (no execution) and writes deterministic findings.

Documentation

Full documentation lives at:

Canonical docs source in this repository:

  • docs/

Use this README for quick start only.

Requirements

  • Python 3.12+

Install

pip install razin
razin --help

Quick start

Run a scan:

razin scan -r . -o output/

Validate config:

razin validate-config -r .

Common CI gates

# Fail if any high-severity finding exists
razin scan -r . --fail-on high --no-stdout

# Fail if aggregate score is 70 or above
razin scan -r . --fail-on-score 70 --no-stdout

Output formats

# Default per-skill JSON reports
razin scan -r . -o output/ --output-format json

# Add CSV + SARIF exports
razin scan -r . -o output/ --output-format json,csv,sarif

Local development

uv sync --dev
uv run pytest -q
uv run ruff check src tests
uv run mypy src tests

Docs preview and checks:

uv sync --group docs
uv run mkdocs serve
uv run mkdocs build --strict
uv run mdformat --check README.md docs

Where to read more

  • Getting started: docs/getting-started.md
  • CLI reference: docs/cli-reference.md
  • Configuration: docs/configuration.md
  • Detectors: docs/detectors.md
  • Output formats: docs/output-formats.md
  • Docker workflow: docs/docker.md
  • CI and exit codes: docs/ci-and-exit-codes.md
  • Troubleshooting: docs/troubleshooting.md

Contributing

See CONTRIBUTING.md.

Security

See SECURITY.md.

License

MIT

Download files

Source Distribution

razin-1.3.1.tar.gz (213.0 kB)

Uploaded Source

Built Distribution

razin-1.3.1-py3-none-any.whl (132.8 kB)

Uploaded Python 3

File details

Details for the file razin-1.3.1.tar.gz.

File metadata

  • Download URL: razin-1.3.1.tar.gz
  • Upload date:
  • Size: 213.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for razin-1.3.1.tar.gz:

  • SHA256: cb7862da370e607cf2c04fd1e0d663d463df89752d8b1423c5489031bd77b792
  • MD5: 9a768054380166edfc8938b5e6ca8c01
  • BLAKE2b-256: 5e8246d0ded28edf107e309393e44ca42a21f3ef8684d137ac75d0d54a2a977e

Provenance

The following attestation bundles were made for razin-1.3.1.tar.gz:

Publisher: release-pypi.yml on theinfosecguy/razin

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file razin-1.3.1-py3-none-any.whl.

File metadata

  • Download URL: razin-1.3.1-py3-none-any.whl
  • Upload date:
  • Size: 132.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for razin-1.3.1-py3-none-any.whl:

  • SHA256: 5e9c6f20585bc4328681530f6d2d51e74d3e20d635a7eaf88bfa3550dcbba203
  • MD5: 94ad934d37ca1b569997c4f6ba0bd68c
  • BLAKE2b-256: 03b132b7f1d21acc5fb0c6ca14442d6aa93ae5aabca72c03149de0ca3d1292a7

Provenance

The following attestation bundles were made for razin-1.3.1-py3-none-any.whl:

Publisher: release-pypi.yml on theinfosecguy/razin

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
