FlutterGuard CLI is a professional, AI-powered command-line utility for comprehensive security and compliance analysis of Flutter Android applications. Designed for engineering teams, security professionals, and agencies, FlutterGuard delivers actionable, human-quality remediation guidance and compliance insights for every scan finding.
- AI-Powered Remediation: Integrates with leading AI providers (OpenAI, Gemini, Claude, xAI, and more) to generate professional, actionable remediation steps and compliance explanations for every security or privacy finding.
- Comprehensive Static Analysis: Detects hardcoded secrets, API endpoints, permissions, SDKs, third-party services, and more.
- Privacy & Compliance Checks: Flags risks related to GDPR, COPPA, Play Store, and other regulatory requirements, with clear, human-readable explanations.
- CI/CD Integration: Ready for automation in pipelines, with structured output and machine-readable formats.
- Professional Reports: Generates detailed Markdown and JSON reports suitable for audits, client delivery, and internal review.
- Offline-First: All analysis runs locally by default. No data is sent to the cloud unless you explicitly enable AI or network features.
FlutterGuard CLI supports multiple AI providers for remediation and compliance guidance. You can configure the AI engine via environment variables or CLI flags.
- OpenAI
- Google Gemini
- Anthropic Claude
- xAI
- OpenRouter
Set the following environment variables or use equivalent CLI flags:
- `FLUTTERGUARD_AI_ENABLED=1` — Enable AI-powered remediation
- `FLUTTERGUARD_AI_PROVIDER=openai|gemini|claude|xai|openrouter` — Select provider
- `FLUTTERGUARD_AI_KEY=...` — API key for the selected provider
- `FLUTTERGUARD_AI_BASEURL=...` — (Optional) Custom API endpoint
Example:
```bash
export FLUTTERGUARD_AI_ENABLED=1
export FLUTTERGUARD_AI_PROVIDER=openai
export FLUTTERGUARD_AI_KEY=sk-...
flutterguard-cli --apk app.apk --outDir ./results --enable-ai-remediation
```

When enabled, all findings in the report will include a dedicated "Remediation Guidance" section with professional, human-like explanations and actionable steps.
- Secrets & API Keys: Detects hardcoded credentials and sensitive tokens
- Network & API Endpoints: Extracts all URLs, domains, and backend endpoints
- Dependencies: Lists all Flutter/Dart packages and third-party SDKs
- App Metadata: Reports package name, version, SDK targets, and permissions
- Third-Party Services: Identifies analytics, ad networks, and bundled SDKs
- Certificate Information: Analyzes signing certificates for trust and compliance
- Assets & Resources: Catalogs all embedded files, assets, and resources
- Decompiled Source: Optionally provides full decompiled APK contents for audit
One-line install for Linux/macOS:
```bash
curl -sSL https://raw.githubusercontent.com/flutterguard/flutterguard-cli/main/install.sh | bash
```

One-line install for Windows (PowerShell):

```powershell
irm https://raw.githubusercontent.com/flutterguard/flutterguard-cli/main/install.ps1 | iex
```

The script will automatically detect your OS/architecture, download the latest release, and install it to your PATH.
Option 1: Download Pre-Built Binary
Step 1: Download from Releases:
| Platform | Download Link |
|---|---|
| Linux (x64) | flutterguard-cli-linux-amd64 |
| Linux (ARM64) | flutterguard-cli-linux-arm64 |
| macOS (Intel) | flutterguard-cli-darwin-amd64 |
| macOS (Apple Silicon) | flutterguard-cli-darwin-arm64 |
| Windows (x64) | flutterguard-cli-windows-amd64.exe |
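
An added example, not part of the project's own install scripts: selecting the Linux/macOS asset from the table above for the current machine, and checking a downloaded binary against a SHA-256 pin before installing it. The helper names (`fg_asset_name`, `fg_sha256`, `fg_verify_pin`) and the pinned hash, which you record yourself from a binary you have already vetted, are assumptions.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper names): choose the release asset for this
# machine from the table above, then check a downloaded file against a pinned hash.

# Map `uname -s` / `uname -m` values to the asset names listed in the table.
fg_asset_name() {
  local os="$1" arch="$2"
  case "$os" in
    Linux)  os=linux ;;
    Darwin) os=darwin ;;
    *) echo "unsupported OS: $os" >&2; return 1 ;;
  esac
  case "$arch" in
    x86_64|amd64)  arch=amd64 ;;
    aarch64|arm64) arch=arm64 ;;
    *) echo "unsupported architecture: $arch" >&2; return 1 ;;
  esac
  printf 'flutterguard-cli-%s-%s\n' "$os" "$arch"
}

# Print the SHA-256 of a file using whichever tool the platform provides.
fg_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Succeed only if the file's hash equals the pinned value (case-insensitive).
# The pin is a value you recorded from a binary you already vetted.
fg_verify_pin() {
  local file="$1" pinned actual
  pinned=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ -f "$file" ] || { echo "missing file: $file" >&2; return 1; }
  actual=$(fg_sha256 "$file") || return 1
  if [ "$actual" != "$pinned" ]; then
    echo "hash mismatch for $file: got $actual" >&2
    return 1
  fi
}

# Usage: refuse to install when the download does not match the pin.
# asset=$(fg_asset_name "$(uname -s)" "$(uname -m)")
# fg_verify_pin "./$asset" "$PINNED_SHA256" && chmod +x "./$asset"
```
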
Step 2: Install it on your system:
Linux/macOS:
```bash
# Make executable
chmod +x flutterguard-cli-*
# Install to PATH
sudo mv flutterguard-cli-* /usr/local/bin/flutterguard-cli
# Verify
flutterguard-cli --version
```

Windows:
- Rename the downloaded file to `flutterguard-cli.exe`
- Move it to a directory in your PATH (e.g., `C:\Windows\System32`)
- Or keep it anywhere and add that directory to your PATH

```powershell
# Verify
flutterguard-cli.exe --version
```

Option 2: Build From Source
Requirements:
- Go 1.24+ (Download Go)
- Git
Steps:
```bash
# Clone the repository
git clone https://github.com/flutterguard/flutterguard-cli.git
cd flutterguard-cli
# Build
go build -o flutterguard-cli
# Install (optional)
sudo mv flutterguard-cli /usr/local/bin/
# Verify
flutterguard-cli --version
```

Option 3: Package Managers (Coming Soon)
We're working on adding support for popular package managers:
- Homebrew (macOS/Linux): `brew install flutterguard-cli`
- Snap (Linux): `snap install flutterguard-cli`
- Chocolatey (Windows): `choco install flutterguard-cli`
- AUR (Arch Linux): `yay -S flutterguard-cli`
- Scoop (Windows): `scoop install flutterguard-cli`
Stay tuned for updates!
FlutterGuard works standalone, but these tools provide richer analysis:
- AAPT2 — Enhanced APK metadata extraction
  - Linux: `sudo apt install aapt`
  - macOS: Included with Android SDK
  - Windows: Download from Android SDK
- JADX — Advanced Java decompilation
  - Download: github.com/skylot/jadx/releases
  - Or via Homebrew: `brew install jadx`
- OpenSSL — Detailed certificate inspection (usually pre-installed on Linux/macOS)
Run a full security and compliance scan on a Flutter APK:
```bash
flutterguard-cli --apk app.apk --outDir ./results
```

This creates a results directory with all findings, assets, and a professional Markdown report.
Add the `--enable-ai-remediation` flag (or set `FLUTTERGUARD_AI_ENABLED=1`) to include AI-generated remediation and compliance guidance in your reports.
- `summary.md`: Human-readable, professional Markdown report with remediation guidance
- `analysis.json`: Full structured data for automation and audit
- `*.txt`: Raw lists of emails, domains, endpoints, etc.
- `assets/`: All extracted resources, organized by type
- `decompiled/`: Decompiled APK contents (optional)
- Professional, Human-Quality Guidance: All AI-generated remediation is reviewed for clarity, accuracy, and professionalism.
- No Vendor Lock-In: Choose your preferred AI provider or run fully offline.
- Enterprise-Ready: Designed for security teams, agencies, and regulated environments.
- Transparent and Auditable: All findings and AI guidance are saved locally for review and compliance.
FlutterGuard CLI is written in Go for maximum portability, performance, and ease of deployment. No dependencies, no runtime, just a single binary.
Contributions are welcome, whether they are bug fixes, new features, or documentation improvements.
```bash
# Fork and clone the repository
git clone https://github.com/YOUR_USERNAME/flutterguard-cli.git
cd flutterguard-cli
# Download dependencies
go mod download
# Build the project
go build -o build/flutterguard-cli
# Run tests
go test ./...
```

- 🔍 New detection patterns for secrets and suspicious code
- 🛠️ Integration with additional analysis tools
- 📊 New report formats (HTML, PDF, CSV)
- 🐛 Bug fixes and performance improvements
- 📚 Documentation and examples
- 🌍 Internationalization support
- Fork the repository
- Create a feature branch (`git checkout -b feature/amazing-feature`)
- Make your changes with clear commit messages
- Add tests for new functionality
- Run `go test ./...` and `go vet ./...`
- Submit a pull request with a clear description
- Follow standard Go formatting (`gofmt`, `go vet`)
- Use descriptive names for functions and variables
- Comment exported functions and complex logic
- Keep functions focused and reasonably sized
- Write tests for new features
Found a bug? Open an issue with:
- Description of what you tried to do
- What happened vs. what you expected
- Your OS, Go version, and FlutterGuard version
- Steps to reproduce (if possible)
MIT License - see the LICENSE file for details.
FlutterGuard CLI: Professional AI-powered security and compliance for Flutter applications.