Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

acaprino/python-dead-code

Name: python-dead-code
Author: acaprino

plugins/python-development/skills/python-dead-code/SKILL.md

npx skillsauth add acaprino/alfio-claude-plugins python-dead-code

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Python Dead Code Detection

Detect and remove unused code in Python projects using vulture and ruff. Framework-aware analysis that distinguishes real dead code from convention-driven usage patterns.

Core Expertise

What it detects

Unused imports (ruff F401)
Unused variables (ruff F841)
Redefined-unused names (ruff F811)
Unused functions and classes (vulture)
Unreachable code after return/raise/break (vulture)

Key capabilities

Two-tool approach: ruff for fast lint-level checks, vulture for deeper analysis
Framework-aware false positive filtering
Confidence scoring (vulture --min-confidence)
Whitelist support for intentional exceptions
CI/CD integration (GitHub Actions, pre-commit)

Installation

# Using uv (recommended)
uv tool install vulture
uv tool install ruff

# Or via pip
pip install vulture ruff

# Verify installation
uv run vulture --version 2>/dev/null || vulture --version
uv run ruff --version 2>/dev/null || ruff --version

Basic Usage

Ruff (Fast Lint-Level Checks)

# Unused imports (F401)
ruff check [target] --select F401

# Unused variables (F841)
ruff check [target] --select F841

# Redefined unused names (F811)
ruff check [target] --select F811

# All unused-code rules together
ruff check [target] --select F401,F811,F841

# Auto-fix safe removals (imports only)
ruff check [target] --select F401 --fix

# Preview what would be fixed
ruff check [target] --select F401 --fix --diff

Vulture (Deep Unused Code Detection)

# Full scan with default confidence (60%)
vulture [target]

# Higher confidence -- fewer false positives (recommended)
vulture [target] --min-confidence 80

# Very high confidence -- only obvious dead code
vulture [target] --min-confidence 90

# Scan with whitelist
vulture [target] whitelist.py --min-confidence 80

# Exclude specific paths
vulture [target] --exclude "venv,__pycache__,.git,migrations"

# Sort by confidence (highest first)
vulture [target] --min-confidence 80 --sort-by-size

Categorizing Findings

Group results into these categories for structured reporting:

| Category | Source | Rule/Detection | |----------|--------|----------------| | Unused imports | ruff | F401 | | Unused variables | ruff | F841 | | Redefined-unused | ruff | F811 | | Unused functions | vulture | unused function | | Unused classes | vulture | unused class | | Unused properties | vulture | unused property | | Unreachable code | vulture | unreachable code |

Interpreting Vulture Output

src/utils.py:42: unused function 'calculate_tax' (60% confidence)
src/models.py:15: unused class 'LegacyUser' (90% confidence)
src/views.py:8: unused import 'render' (90% confidence)

90-100% confidence: Almost certainly dead code
80-89% confidence: Very likely dead code, worth investigating
60-79% confidence: Possible dead code, check for dynamic usage

False Positive Handling

Framework Conventions

These patterns are NOT dead code even if vulture flags them:

Django

Views referenced in urls.py via string paths
Model fields (accessed via ORM, not direct attribute access)
Signal handlers connected via @receiver
Management commands (handle method)
Admin classes registered with @admin.register
Middleware classes referenced in MIDDLEWARE setting
Template tags and filters
Form/serializer fields

FastAPI / Flask

Route handlers decorated with @app.get, @app.post, etc.
Dependency injection functions used in Depends()
Event handlers (@app.on_event)
Exception handlers

pytest

Fixtures decorated with @pytest.fixture (used by name injection)
Conftest fixtures (auto-discovered)
Parametrize arguments
Plugin hooks (pytest_* functions)

click / typer

Commands decorated with @cli.command()
Callback functions
Parameter callbacks

General Python

__all__ exports
__init__, __str__, __repr__, and other dunder methods
getattr / importlib dynamic access
Abstract method implementations
Celery tasks decorated with @app.task or @shared_task
Pydantic model fields and validators

Creating Whitelist Files

# whitelist.py -- tell vulture these are intentionally used

# Django views (referenced via urls.py string paths)
index_view  # unused function
detail_view  # unused function

# pytest fixtures
db_session  # unused function
mock_client  # unused function

# Celery tasks
send_notification_email  # unused function

# Signal handlers
on_user_created  # unused function

Generate a whitelist automatically:

# Vulture can generate a whitelist from its findings
vulture [target] --make-whitelist > whitelist.py

Then review and keep only the intentional entries.

Configuration

pyproject.toml (ruff)

[tool.ruff.lint]
# Enable unused-code rules
select = ["F401", "F811", "F841"]

[tool.ruff.lint.per-file-ignores]
# Allow unused imports in __init__.py (re-exports)
"__init__.py" = ["F401"]
# Allow unused imports in conftest.py (fixtures)
"conftest.py" = ["F401"]
# Allow unused imports in type stubs
"*.pyi" = ["F401"]

pyproject.toml (vulture)

[tool.vulture]
min_confidence = 80
exclude = [
    "venv/",
    ".venv/",
    "__pycache__/",
    "migrations/",
    "node_modules/",
]
paths = ["src/", "app/"]

.vulture_whitelist.py

# Symbols that vulture flags but are used dynamically
from myapp.models import *  # noqa: F403 -- re-export

Cleanup Workflow

Apply removals in safest-first order:

1. Unused imports (safest)

# Auto-fix with ruff
ruff check [target] --select F401 --fix

# Or remove manually via editor

Verify: python -c "import mymodule" still works.

2. Unused variables

# Review each finding
ruff check [target] --select F841

For unpacking, replace with _:

# Before
x, y, z = get_coords()  # z unused

# After
x, y, _ = get_coords()

3. Unused functions and classes (riskiest)

For each vulture finding with >= 80% confidence:

Search for dynamic usage: grep -r "function_name" across the codebase
Check __all__ exports: is it in a public API?
Check decorators: @receiver, @app.task, @pytest.fixture, etc.
Check string references: URLs, configs, serializers referencing by name
If truly unused: delete the definition

4. Unreachable code

Remove code blocks after unconditional return, raise, break, or continue.

CI/CD Integration

GitHub Actions

name: Dead Code Check
on:
  push:
    branches: [main]
  pull_request:

jobs:
  dead-code:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: astral-sh/setup-uv@v4

      - name: Check unused imports
        run: uvx ruff check . --select F401,F841 --output-format github

      - name: Check dead code (vulture)
        run: uvx vulture src/ --min-confidence 90

Pre-commit Hook

# .pre-commit-config.yaml
repos:
  - repo: https://github.com/astral-sh/ruff-pre-commit
    rev: v0.9.0
    hooks:
      - id: ruff
        args: [--select, "F401,F841", --fix]

  - repo: https://github.com/jendrikseipp/vulture
    rev: v2.14
    hooks:
      - id: vulture
        args: [--min-confidence, "90"]

Makefile Target

.PHONY: dead-code
dead-code:
	ruff check . --select F401,F811,F841
	vulture src/ --min-confidence 80

Common Patterns

Check Only Imports (Fastest)

ruff check . --select F401

Use in CI for strict import hygiene.

Full Dead Code Audit

# Step 1: fast lint checks
ruff check . --select F401,F811,F841

# Step 2: deep analysis
vulture . --min-confidence 80 --exclude "venv,migrations,__pycache__"

# Step 3: cross-reference and filter false positives

Monorepo / Multi-package

# Scan specific packages
vulture packages/core/ --min-confidence 80
vulture packages/api/ --min-confidence 80

# Or scan all with shared whitelist
vulture packages/ whitelist.py --min-confidence 80

Library Development

# Be conservative -- public API symbols may appear unused
vulture src/mylib/ --min-confidence 90

# Exclude __init__.py re-exports
ruff check src/mylib/ --select F401 --per-file-ignores "__init__.py:F401"

Troubleshooting

Too Many False Positives

Increase --min-confidence to 90
Create a whitelist file for framework-specific patterns
Use --exclude for generated code, migrations, vendored code

Vulture Missing Files

# Ensure target path is correct
vulture src/ tests/ --min-confidence 80

# Debug: list what vulture scans
vulture src/ --min-confidence 80 2>&1 | head -20

Ruff Not Detecting Unused Imports

# Check if F401 is enabled
ruff check --show-settings | grep F401

# Force enable
ruff check . --select F401 --config "lint.select = ['F401']"

Conflict Between Ruff and Vulture

Ruff and vulture may flag the same import. Use ruff for imports (auto-fixable) and vulture for functions/classes (needs manual review). Deduplicate findings before presenting.

References

Vulture docs: https://github.com/jendrikseipp/vulture
Ruff F rules: https://docs.astral.sh/ruff/rules/#pyflakes-f
Ruff configuration: https://docs.astral.sh/ruff/configuration/

acaprino/python-dead-code

plugins/python-development/skills/python-dead-code/SKILL.md

Detect and remove unused Python code using vulture and ruff. Covers unused imports, variables, functions, classes, and unreachable code. Framework-aware false positive handling for Django, FastAPI, pytest, click, and more. TRIGGER WHEN: cleaning up Python codebases, enforcing import hygiene, or integrating dead code checks into CI. DO NOT TRIGGER WHEN: the task is outside the specific scope of this component.

tools

Updated Mar 26, 2026

$ install --global

skillsauth

npx skillsauth add acaprino/alfio-claude-plugins python-dead-code

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

70%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 7, 2026, 2:21 PM211.8s1 file scanned

SKILL.md

name:: python-dead-code
description:: >
TRIGGER WHEN:: cleaning up Python codebases, enforcing import hygiene, or integrating dead code checks into CI.
DO NOT TRIGGER WHEN:: the task is outside the specific scope of this component.

Python Dead Code Detection

Detect and remove unused code in Python projects using vulture and ruff. Framework-aware analysis that distinguishes real dead code from convention-driven usage patterns.

Core Expertise

What it detects

Unused imports (ruff F401)
Unused variables (ruff F841)
Redefined-unused names (ruff F811)
Unused functions and classes (vulture)
Unreachable code after return/raise/break (vulture)

Key capabilities

Two-tool approach: ruff for fast lint-level checks, vulture for deeper analysis
Framework-aware false positive filtering
Confidence scoring (vulture --min-confidence)
Whitelist support for intentional exceptions
CI/CD integration (GitHub Actions, pre-commit)

Installation

# Using uv (recommended)
uv tool install vulture
uv tool install ruff

# Or via pip
pip install vulture ruff

# Verify installation
uv run vulture --version 2>/dev/null || vulture --version
uv run ruff --version 2>/dev/null || ruff --version

Basic Usage

Ruff (Fast Lint-Level Checks)

# Unused imports (F401)
ruff check [target] --select F401

# Unused variables (F841)
ruff check [target] --select F841

# Redefined unused names (F811)
ruff check [target] --select F811

# All unused-code rules together
ruff check [target] --select F401,F811,F841

# Auto-fix safe removals (imports only)
ruff check [target] --select F401 --fix

# Preview what would be fixed
ruff check [target] --select F401 --fix --diff

Vulture (Deep Unused Code Detection)

# Full scan with default confidence (60%)
vulture [target]

# Higher confidence -- fewer false positives (recommended)
vulture [target] --min-confidence 80

# Very high confidence -- only obvious dead code
vulture [target] --min-confidence 90

# Scan with whitelist
vulture [target] whitelist.py --min-confidence 80

# Exclude specific paths
vulture [target] --exclude "venv,__pycache__,.git,migrations"

# Sort by confidence (highest first)
vulture [target] --min-confidence 80 --sort-by-size

Categorizing Findings

Group results into these categories for structured reporting:

Interpreting Vulture Output

src/utils.py:42: unused function 'calculate_tax' (60% confidence)
src/models.py:15: unused class 'LegacyUser' (90% confidence)
src/views.py:8: unused import 'render' (90% confidence)

90-100% confidence: Almost certainly dead code
80-89% confidence: Very likely dead code, worth investigating
60-79% confidence: Possible dead code, check for dynamic usage

False Positive Handling

Framework Conventions

These patterns are NOT dead code even if vulture flags them:

Django

Views referenced in urls.py via string paths
Model fields (accessed via ORM, not direct attribute access)
Signal handlers connected via @receiver
Management commands (handle method)
Admin classes registered with @admin.register
Middleware classes referenced in MIDDLEWARE setting
Template tags and filters
Form/serializer fields

FastAPI / Flask

Route handlers decorated with @app.get, @app.post, etc.
Dependency injection functions used in Depends()
Event handlers (@app.on_event)
Exception handlers

pytest

Fixtures decorated with @pytest.fixture (used by name injection)
Conftest fixtures (auto-discovered)
Parametrize arguments
Plugin hooks (pytest_* functions)

click / typer

Commands decorated with @cli.command()
Callback functions
Parameter callbacks

General Python

__all__ exports
__init__, __str__, __repr__, and other dunder methods
getattr / importlib dynamic access
Abstract method implementations
Celery tasks decorated with @app.task or @shared_task
Pydantic model fields and validators

Creating Whitelist Files

# whitelist.py -- tell vulture these are intentionally used

# Django views (referenced via urls.py string paths)
index_view  # unused function
detail_view  # unused function

# pytest fixtures
db_session  # unused function
mock_client  # unused function

# Celery tasks
send_notification_email  # unused function

# Signal handlers
on_user_created  # unused function

Generate a whitelist automatically:

# Vulture can generate a whitelist from its findings
vulture [target] --make-whitelist > whitelist.py

Then review and keep only the intentional entries.

Configuration

pyproject.toml (ruff)

[tool.ruff.lint]
# Enable unused-code rules
select = ["F401", "F811", "F841"]

[tool.ruff.lint.per-file-ignores]
# Allow unused imports in __init__.py (re-exports)
"__init__.py" = ["F401"]
# Allow unused imports in conftest.py (fixtures)
"conftest.py" = ["F401"]
# Allow unused imports in type stubs
"*.pyi" = ["F401"]

pyproject.toml (vulture)

[tool.vulture]
min_confidence = 80
exclude = [
    "venv/",
    ".venv/",
    "__pycache__/",
    "migrations/",
    "node_modules/",
]
paths = ["src/", "app/"]

.vulture_whitelist.py

# Symbols that vulture flags but are used dynamically
from myapp.models import *  # noqa: F403 -- re-export

Cleanup Workflow

Apply removals in safest-first order:

1. Unused imports (safest)

# Auto-fix with ruff
ruff check [target] --select F401 --fix

# Or remove manually via editor

Verify: python -c "import mymodule" still works.

2. Unused variables

# Review each finding
ruff check [target] --select F841

For unpacking, replace with _:

# Before
x, y, z = get_coords()  # z unused

# After
x, y, _ = get_coords()

3. Unused functions and classes (riskiest)

For each vulture finding with >= 80% confidence:

Search for dynamic usage: grep -r "function_name" across the codebase
Check __all__ exports: is it in a public API?
Check decorators: @receiver, @app.task, @pytest.fixture, etc.
Check string references: URLs, configs, serializers referencing by name
If truly unused: delete the definition

4. Unreachable code

Remove code blocks after unconditional return, raise, break, or continue.

CI/CD Integration

GitHub Actions

name: Dead Code Check
on:
  push:
    branches: [main]
  pull_request:

jobs:
  dead-code:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: astral-sh/setup-uv@v4

      - name: Check unused imports
        run: uvx ruff check . --select F401,F841 --output-format github

      - name: Check dead code (vulture)
        run: uvx vulture src/ --min-confidence 90

Pre-commit Hook

# .pre-commit-config.yaml
repos:
  - repo: https://github.com/astral-sh/ruff-pre-commit
    rev: v0.9.0
    hooks:
      - id: ruff
        args: [--select, "F401,F841", --fix]

  - repo: https://github.com/jendrikseipp/vulture
    rev: v2.14
    hooks:
      - id: vulture
        args: [--min-confidence, "90"]

Makefile Target

.PHONY: dead-code
dead-code:
	ruff check . --select F401,F811,F841
	vulture src/ --min-confidence 80

Common Patterns

Check Only Imports (Fastest)

ruff check . --select F401

Use in CI for strict import hygiene.

Full Dead Code Audit

# Step 1: fast lint checks
ruff check . --select F401,F811,F841

# Step 2: deep analysis
vulture . --min-confidence 80 --exclude "venv,migrations,__pycache__"

# Step 3: cross-reference and filter false positives

Monorepo / Multi-package

# Scan specific packages
vulture packages/core/ --min-confidence 80
vulture packages/api/ --min-confidence 80

# Or scan all with shared whitelist
vulture packages/ whitelist.py --min-confidence 80

Library Development

# Be conservative -- public API symbols may appear unused
vulture src/mylib/ --min-confidence 90

# Exclude __init__.py re-exports
ruff check src/mylib/ --select F401 --per-file-ignores "__init__.py:F401"

Troubleshooting

Too Many False Positives

Increase --min-confidence to 90
Create a whitelist file for framework-specific patterns
Use --exclude for generated code, migrations, vendored code

Vulture Missing Files

# Ensure target path is correct
vulture src/ tests/ --min-confidence 80

# Debug: list what vulture scans
vulture src/ --min-confidence 80 2>&1 | head -20

Ruff Not Detecting Unused Imports

# Check if F401 is enabled
ruff check --show-settings | grep F401

# Force enable
ruff check . --select F401 --config "lint.select = ['F401']"

Conflict Between Ruff and Vulture

Ruff and vulture may flag the same import. Use ruff for imports (auto-fixable) and vulture for functions/classes (needs manual review). Deduplicate findings before presenting.

References

Vulture docs: https://github.com/jendrikseipp/vulture
Ruff F rules: https://docs.astral.sh/ruff/rules/#pyflakes-f
Ruff configuration: https://docs.astral.sh/ruff/configuration/

Related Skills

acaprino/frontend-css

development

VerifiedTrustedCommunity

Unified web frontend knowledge base covering CSS architecture, UX psychology, UI components, distinctive aesthetics, and interface design generation. TRIGGER WHEN: working on web styling, design systems, component decisions, responsive strategy, distinctive frontend aesthetics, or exploring multiple interface designs. DO NOT TRIGGER WHEN: the task is purely backend or unrelated to web frontend.

5SKILL.mdUpdated May 13, 2026

acaprino/frontend-css

acaprino/multi-reviewer-patterns

development

VerifiedTrustedCommunity

Coordinate parallel code reviews across multiple quality dimensions with finding deduplication, severity calibration, and consolidated reporting. Use this skill when organizing multi-reviewer code reviews, calibrating finding severity, or consolidating review results.

5SKILL.mdUpdated Apr 1, 2026

acaprino/multi-reviewer-patterns

acaprino/codebase-mapper

tools

VerifiedTrustedCommunity

Knowledge base for the codebase-mapper plugin. Provides writing guidelines, tone rules, and diagram conventions for generating human-readable project guides. Referenced by all codebase-mapper agents during document generation. TRIGGER WHEN: referenced by codebase-mapper pipeline agents (codebase-explorer, overview-writer, tech-writer, flow-writer, onboarding-writer, ops-writer, config-writer, guide-reviewer) during document generation. DO NOT TRIGGER WHEN: outside the /map-codebase pipeline (general documentation work should use docs:readme-craft or codebase-mapper:docs-create).

5SKILL.mdUpdated Mar 26, 2026

acaprino/codebase-mapper

acaprino/pwa-development

tools

VerifiedTrustedCommunity

Progressive Web App knowledge base for 2025-2026: Web App Manifest, Service Workers (Workbox 7, Serwist), Web Push (VAPID, RFC 8030/8291/8292, Declarative Push for Safari 18.4+), install flows (beforeinstallprompt, Window Controls Overlay), OPFS storage, Project Fugu, Core Web Vitals (INP < 200ms), security (HTTPS, CSP, COOP/COEP), and distribution (Bubblewrap, PWA Builder MSIX, Capacitor). TRIGGER WHEN: building, auditing, or debugging PWAs, including manifest, service worker, Web Push, install flow, OPFS, Background Sync, Wake Lock, vite-plugin-pwa, Next.js Serwist, @angular/pwa, @vite-pwa/nuxt, Bubblewrap, TWA, PWA Builder, or Capacitor wrapping. DO NOT TRIGGER WHEN: the task is generic frontend styling (use frontend), React performance (use react-development:review-react), cross-platform security unrelated to PWA (use platform-engineering), Tauri or Electron wrappers (use tauri-development), or GA4 / analytics (use digital-marketing).

3SKILL.mdUpdated May 26, 2026

acaprino/pwa-development

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/acaprino/alfio-claude-plugins.git

# Copy into Claude Code skills folder (global)
cp -r alfio-claude-plugins/plugins/python-development/skills/python-dead-code ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

acaprino/alfio-claude-plugins

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT