Static Analysis for LLM Agent Skills
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Project description
Razin - Static analysis for LLM agent skills
Razin is a local scanner for SKILL.md-defined agent skills.
It performs static analysis only (no execution) and writes deterministic findings.
Table of contents
- Documentation
- Requirements
- Install
- Quick start
- Local development
- Where to read more
- Contributing
- Security
- License
Documentation
Full documentation lives at:
Canonical docs source in this repository:
docs/
Use this README for quick start only.
Requirements
- Python
3.12+
Install
With Homebrew (current, via tap):
brew tap theinfosecguy/homebrew-tap
brew install razin
razin --help
With PyPI:
pip install razin
razin --help
Quick start
Run a scan:
razin scan -r . -o output/
Validate config:
razin validate-config -r .
Common CI gates
# Fail if any high-severity finding exists
razin scan -r . --fail-on high --no-stdout
# Fail if aggregate score is 70 or above
razin scan -r . --fail-on-score 70 --no-stdout
Output formats
# Default per-skill JSON reports
razin scan -r . -o output/ --output-format json
# Add CSV + SARIF exports
razin scan -r . -o output/ --output-format json,csv,sarif
Local development
uv sync --dev
uv run pytest -q
uv run ruff check src tests
uv run mypy src tests
Docs preview and checks:
uv sync --group docs
uv run mkdocs serve
uv run mkdocs build --strict
uv run mdformat --check README.md docs
Where to read more
- Getting started
- CLI reference
- Configuration
- Detectors
- Output formats
- Docker workflow
- CI and exit codes
- Troubleshooting
Contributing
See CONTRIBUTING.md.
Security
See SECURITY.md.
License
Project details
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file razin-1.5.0.tar.gz.
File metadata
- Download URL: razin-1.5.0.tar.gz
- Upload date:
- Size: 237.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
96966ac5188e523c5bdf9572e33fa24dee58015eac2f2dde97adbba1ba2d4765
|
|
| MD5 |
d1e292213d86cb5a503817258d567178
|
|
| BLAKE2b-256 |
379651fec086668436be9396c404c9cbb967d1bb3014a15177c4de81cd032ac7
|
Provenance
The following attestation bundles were made for razin-1.5.0.tar.gz:
Publisher:
release-pypi.yml on theinfosecguy/razin
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
razin-1.5.0.tar.gz -
Subject digest:
96966ac5188e523c5bdf9572e33fa24dee58015eac2f2dde97adbba1ba2d4765 - Sigstore transparency entry: 1107704985
- Sigstore integration time:
-
Permalink:
theinfosecguy/razin@ecfdeff63859b158ea83875f752216d70e667d01 -
Branch / Tag:
refs/heads/main - Owner: https://github.com/theinfosecguy
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release-pypi.yml@ecfdeff63859b158ea83875f752216d70e667d01 -
Trigger Event:
workflow_dispatch
-
Statement type:
File details
Details for the file razin-1.5.0-py3-none-any.whl.
File metadata
- Download URL: razin-1.5.0-py3-none-any.whl
- Upload date:
- Size: 148.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ac7ede8d0ba4ebb35bb97849a2c83e4d03d094a05d0cdd25c245d3ec6e37034d
|
|
| MD5 |
658b6fb919ccd343f3ebedeaac08b4dc
|
|
| BLAKE2b-256 |
2a09125f1b171b2bbc57dac61e450de615178041015da3bad08deafa5c156264
|
Provenance
The following attestation bundles were made for razin-1.5.0-py3-none-any.whl:
Publisher:
release-pypi.yml on theinfosecguy/razin
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
razin-1.5.0-py3-none-any.whl -
Subject digest:
ac7ede8d0ba4ebb35bb97849a2c83e4d03d094a05d0cdd25c245d3ec6e37034d - Sigstore transparency entry: 1107704986
- Sigstore integration time:
-
Permalink:
theinfosecguy/razin@ecfdeff63859b158ea83875f752216d70e667d01 -
Branch / Tag:
refs/heads/main - Owner: https://github.com/theinfosecguy
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release-pypi.yml@ecfdeff63859b158ea83875f752216d70e667d01 -
Trigger Event:
workflow_dispatch
-
Statement type:
