---
title: "Scan Python code for risky security patterns with Bandit before review or release"
description: "Catch insecure Python calls, weak crypto usage, shell injection risks, and similar patterns before merge or release."
verification: "listed"
source: "https://github.com/PyCQA/bandit"
author: "PyCQA"
publisher_type: "organization"
category:
  - "Security & Verification"
framework:
  - "Multi-Framework"
tool_ecosystem:
  github_repo: "PyCQA/bandit"
  github_stars: 7933
---

# Scan Python code for risky security patterns with Bandit before review or release

Catch insecure Python calls, weak crypto usage, shell injection risks, and similar patterns before merge or release.

## Prerequisites

Bandit CLI, Python source tree

## Installation

Choose whichever fits your setup:

1. Copy this skill folder into your local skills directory.
2. Clone the repo and symlink or copy the skill into your agent workspace.
3. Add the repo as a git submodule if you manage shared skills centrally.
4. Install it through your internal provisioning or packaging workflow.
5. Download the folder directly from GitHub and place it in your skills collection.

Install command or upstream instructions:

```
Install Bandit from the official documentation, then point it at a Python package or repository and review the reported findings before merge or release.
```

## Documentation

- https://bandit.readthedocs.io/

## Source

- [Agent Skill Exchange](https://agentskillexchange.com/skills/scan-python-code-for-risky-security-patterns-with-bandit-before-review-or-release/)