A3-Python Claude Skill

This repository contains a Claude skill for a3-python, an advanced automated analysis tool for Python codebases.

About A3-Python

A3 (Advanced Automated Analysis) combines non-LLM static analysis with optional agentic LLM triage to find real bugs in Python codebases with 99%+ accuracy. It uses:

• Bytecode analysis and Z3-backed symbolic execution for automatic proof of false positives
• Agentic LLM triage that explores codebases to classify remaining findings
• GitHub Actions integration for continuous security scanning

Using This Skill

This skill enables Claude to help you:

• Set up and configure a3-python for your Python projects
• Run static analysis scans on Python code
• Configure CI/CD pipelines with automated scanning and triage
• Interpret and act on analysis results
• Manage baselines for incremental bug detection

Installation

Recommended: Container Image (via GitHub Container Registry)

Pull and use the a3-python container image:

# Pull the latest image
docker pull ghcr.io/thehalleyyoung/a3-python:latest

# Run a3 with the current directory mounted
docker run --rm -v "$(pwd):/workspace" -w /workspace ghcr.io/thehalleyyoung/a3-python:latest a3 --help

# Create a convenient alias (add to ~/.bashrc or ~/.zshrc)
alias a3='docker run --rm -v "$(pwd):/workspace" -w /workspace ghcr.io/thehalleyyoung/a3-python:latest a3'

After setting the alias, use a3 commands as normal.

Optional: Local Installation via PyPI

For local development or if you prefer native installation:

# Basic installation
pip install a3-python

# With CI features (GitHub Actions, LLM triage, SARIF output)
pip install a3-python[ci]

Requires Python ≥ 3.11.

Quick Start

Note: The examples below assume you've either set up the a3 alias (as shown in Installation) or are using the full docker run command.

Scan a Project

# With alias
a3 scan . --output-sarif results.sarif

# Or with full docker command
docker run --rm -v "$(pwd):/workspace" -w /workspace ghcr.io/thehalleyyoung/a3-python:latest a3 scan . --output-sarif results.sarif

Scan with Agentic Triage

# With alias
a3 scan . --triage

# Or with full docker command (pass API keys as env vars if needed)
docker run --rm -v "$(pwd):/workspace" -w /workspace \
  -e OPENAI_API_KEY="$OPENAI_API_KEY" \
  ghcr.io/thehalleyyoung/a3-python:latest a3 scan . --triage

Set Up CI Integration

# With alias
a3 init . --copilot

# Or with full docker command
docker run --rm -v "$(pwd):/workspace" -w /workspace ghcr.io/thehalleyyoung/a3-python:latest a3 init . --copilot

# Then commit the generated files
git add .github/ .a3.yml .a3-baseline.json
git commit -m "ci: add a3 static analysis"

Files in This Repository

• SKILL.md: The main skill specification with instructions for Claude
• .a3.yml.example: Example configuration file for a3-python
• README.md: This file

Skill Structure

This skill follows the Agent Skills standard with:

• YAML frontmatter containing metadata (name, description)
• Comprehensive instructions for using a3-python
• Examples and best practices
• Configuration guidance

Resources

• a3-python Container Image (GitHub Container Registry)
• a3-python on PyPI
• Agent Skills Specification
• Claude Skills Documentation

License

This skill is provided as open source for use with Claude and a3-python.