S.I.L.O (Secure. Isolated. Lightweight. Offloaded.) helps developers bring their ideas to life by conquering the complexity of AI tool execution. It provides a trusted tool ecosystem for AI Agents—ensuring tools are invoked safely, reliably, and with zero configuration headache.
📖 Read the Documentation (or browse docs/index.md) for a trusted starting point on writing skills, security, and deploying as an MCP server.
Most "AI Skills" today are just unstructured text prompts telling an agent to "be smart" and write code on the fly to solve a problem. This works for simple tasks, but falls apart when you need reliable, repeatable, and secure integrations.
- Token Leaks: Passing API keys in prompts or CLI arguments is a massive security risk.
- Dependency Hell: Each skill needs its own
.venv,requirements.txt, and setup. - LLM Hallucinations: Agents struggle with unstructured text or unclear argument types.
- Complexity: Writing a full MCP server or a robust CLI wrapper takes too much boilerplate.
SILO is built on four core pillars:
- 🔒 Secure: Tokens or keys never reach the LLM context. In SILO, secrets live in your OS Keychain or Env, keeping them invisible to the model and the logs.
- 📦 Isolated: Skills are run in an encapsulated manner, meaning each skill contains all its dependencies and holds them in memory only for the duration of its execution. This requires no manual
venvinitialization or dependency installation, as it happens automatically. Deleting a skill clears all cached dependencies. The core idea is encapsulating all its data into a single "container". - 🪶 Lightweight: Skill instructions (SKILL.md) are minimalist and focused. A skill should solve one clearly defined task with maximum clarity.
- ⚡ Offloaded: Perform as much work as possible procedurally (in Python) rather than through the LLM. This saves tokens, reduces cognitive load on the agent, and ensures predictable, accurate results.
SILO transforms the development of AI tools into a streamlined 4-step process.
Start with a single command to generate a compliant skill template.
silo init github-skill --secrets GITHUB_TOKENThis creates a folder named github-skill with a PEP 723 compliant skill.py, ensuring uv can run it with all necessary dependencies (including silo-framework itself) in a temporary, encapsulated environment.
Define your commands using standard Python functions and Pydantic models. SILO handles the rest—argument parsing, JSON serialization, and error handling.
from silo import Skill, require_secret, AgentResponse
from pydantic import BaseModel
app = Skill("github")
class Issue(BaseModel):
title: str
body: str
@app.tool()
def create_issue(repo: str, detail: Issue):
"""Creates a new issue in a repository."""
# This NEVER leaks to the LLM.
# It fetches from Keychain, Env, or prompts via browser.
token = require_secret("GITHUB_TOKEN")
# Procedural logic (Offloaded from LLM)
return AgentResponse(
llm_text=f"Successfully created issue '{detail.title}' in {repo}",
raw_data={"status": "created", "repo": repo, "issue_id": 123}
)
if __name__ == "__main__":
app.run()Agents don't have a terminal (TTY). They don't have a display. They need clean, predictable output.
silo test github_skill.py create_issue --repo "user/repo" --detail '{"title": "Bug", "body": "Fixed"}'silo test runs your skill in a simulated "headless agent" environment, verifying that:
- The manifest generates correctly.
- Authentication fallbacks trigger properly.
- Output is valid JSON/Markdown.
Want to use this skill in Claude Desktop? You don't need to rewrite a single line. Just run it via the MCP command:
# silo run ... <-- Standard CLI
silo mcp run ... <-- Instant MCP tool server!When a skill needs a secret but there is no terminal (standard for agents), SILO:
- Checks
os.environ. - Checks the OS Keychain (macOS, Windows, Linux).
- If missing and a display is detected, it opens a local browser tab with a secure dark-mode form for the user to input the token. The token is saved to the keychain and aldrig passed to the agent.
Not sure if your system is ready for S.I.L.O?
silo doctorChecks for Python version, uv presence, Keychain accessibility, and critical dependencies.
MIT © Timur Pitsunov