AI-powered analysis finds misconfigurations, risky tool access, missing guardrails, and other issues. Automatically triages false positives so you see real problems, not noise.
Requirements: Python 3.13 or later
Supported frameworks: Google ADK, Google GenAI, Anthropic, OpenAI, OpenAI Agents SDK, LangGraph, CrewAI, AutoGen, HuggingFace Transformers, HuggingFace smolagents
1. Install `flintai-cli`

pip install flintai-cli
For internal testing only. The package will be published to PyPI at launch. Until then, install from the repository:
git clone https://github.com/sandbox-quantum/flintai-cli
cd flintai-cli
pip install -e .
2. Configure your LLM provider

flintai-cli uses AI to read your agent code contextually and filter false positives. Run the interactive setup and select your LLM:
flintai init
You’ll be prompted to select a provider (Gemini, OpenAI, Anthropic, or LiteLLM), choose a model, and enter your API key. Your configuration is saved to ~/.flintai/.env.
Start free. Google Gemini offers a free tier with generous limits — test flintai-cli with no API costs.
3. Scan your Python agent code

Run the scan:
flintai scan .
Example output:
{
  "agents_found": 3,
  "framework_detected": "crewai",
  "findings": [
    {
      "category": "asi05_unexpected_code_execution",
      "ai_spm_severity": "Critical",
      "title": "Arbitrary Code Execution via eval()",
      "cvss_scores": { "base_score": 9.3 }
    }
  ]
}
flintai scan discovers agents in your codebase — you may find agents you didn’t know existed. Results are saved to scan_<timestamp>.json.
Integrate with CI/CD. Save scan_<timestamp>.json as a build artifact to prove validation before deployment.
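A minimal CI gate over the report format shown in the example output, added here as an illustration and not part of flintai-cli: it picks the newest `scan_*.json`, fails the build on blocking findings, and fails closed when no readable report exists. The thresholds, the function names, and selecting the newest file by modification time are assumptions; only the field names and the `Critical` label come from the example output.

```python
import glob
import json
import os
import sys

# Added example, not part of flintai-cli. The blocking policy is an assumption;
# only the field names and the "Critical" label come from the documented output.
BLOCKING_SEVERITIES = {"Critical"}
CVSS_THRESHOLD = 9.0


def latest_report(directory="."):
    """Return the most recently modified scan_*.json, or None if absent."""
    reports = glob.glob(os.path.join(directory, "scan_*.json"))
    return max(reports, key=os.path.getmtime) if reports else None


def blocking_findings(report):
    """Return the findings that should fail the build."""
    blocked = []
    for finding in report.get("findings") or []:
        score = (finding.get("cvss_scores") or {}).get("base_score")
        high = isinstance(score, (int, float)) and score >= CVSS_THRESHOLD
        if high or finding.get("ai_spm_severity") in BLOCKING_SEVERITIES:
            blocked.append(finding)
    return blocked


def gate(directory="."):
    """CI exit code: 0 pass, 1 blocking findings, 2 no usable report."""
    path = latest_report(directory)
    if path is None:
        print("no scan_*.json found; failing closed", file=sys.stderr)
        return 2
    try:
        with open(path, encoding="utf-8") as fh:
            report = json.load(fh)
        if not isinstance(report, dict):
            raise ValueError("top level is not a JSON object")
    except (OSError, ValueError) as exc:  # JSONDecodeError is a ValueError
        print(f"cannot use {path}: {exc}", file=sys.stderr)
        return 2
    blocked = blocking_findings(report)
    for f in blocked:
        print(f"BLOCK {f.get('ai_spm_severity')} {f.get('category')}: {f.get('title')}")
    return 1 if blocked else 0


if __name__ == "__main__":
    sys.exit(gate(sys.argv[1] if len(sys.argv) > 1 else "."))
```

Run it as the step after `flintai scan .` in the pipeline, passing the directory that holds the report; a missing or truncated report returns exit code 2 so a skipped scan cannot pass as a clean one.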

Next steps

Issues found?

Understand severity scores and what needs fixing before deployment

Clean scan?

Get a 0.0-1.0 reliability score for agent runtime behavior