Your AI agent runs code every day: API calls, file operations, shell commands through its tools. Who watches that code? Most frameworks don't. They let the agent loose and hope nothing breaks or gets stolen.
Flowork ships with a threat radar — a built-in security scanner that watches the code your agents execute and lets you scan your own code or an authorized external target. No other agent framework does this.
The Dashboard
Open Threat Radar and you see a live sweep on the left with three numbers:
- runs — total scans performed
- findings — total vulnerabilities discovered across all scans
- critical — the worst severity from the latest scan of each target (red if anything critical is live, green if clean)
The critical count goes back down when you fix something, because it's always the worst result from the latest scan of each target.
On the right: a Scan Log (newest scans first) and a Findings panel (click any run to see what it found). The dashboard refreshes every few seconds.
How to Scan
Two buttons at the top right:
⊕ Scan Target opens a form where you:
- Pick a Tool (code auditor, vulnerability scanner, etc.)
- Pick a Target (your own code or an authorized external target)
- Add optional Args (flags or parameters for the tool)
- Select a Category: immune (hardening your own code) or pentest (an authorized external target)
The tool list and target list come from an owner-editable allowlist. Flowork will not run a tool or touch a target that isn't on it — there's no shell in the middle, no way to slip a rogue scan past your rules.
≣ Arsenal opens the catalog of everything the scanner can use: defensive code auditors (marked CORE, and fixed in place), tools, and thousands of detection checks. Search it, install new packs, or uninstall ones you don't need.
Build Your Own Checks
A check is a nuclei template — a small YAML file that says "look for this pattern":
```yaml
id: exposed-env-file

info:
  name: Exposed .env file
  author: you
  severity: high

http:
  - method: GET
    path:
      - "{{BaseURL}}/.env"
    matchers:
      - type: word
        words:
          - "DB_PASSWORD"
```
Add a single check by POSTing it to /api/scanner/checks/add with { name, yaml }. It runs through nuclei -validate to confirm it's well-formed; a valid one lands in <nuclei-templates>/flowork-private/ and appears in the Arsenal immediately.
For a whole pack of checks, bundle them into a .fwpack (a ZIP file):
```
my-scanner.fwpack
├─ plugin.json
└─ checks/
   ├─ check-1.yaml
   └─ check-2.yaml
```
The plugin.json tells Flowork what it is:
```json
{
  "id": "my-scanner",
  "kind": "scanner",
  "scanner": {
    "name": "My Security Pack",
    "description": "Custom checks for my codebase"
  }
}
```
Install it via /api/scanner/packs/install. Every check is validated on load; if it passes, it snaps into the Arsenal and becomes available for scans.
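A .fwpack is a ZIP archive, so its entry names and manifest are worth checking against the layout above before you send it to the install endpoint. The sketch below is an added example, not Flowork's own validation code; `inspect_fwpack`, `is_check` and `build_pack` are hypothetical names, and the rules it enforces (only plugin.json plus checks/*.yaml, kind set to scanner) are assumptions drawn from the layout and manifest shown on this page.

```python
import io
import json
import zipfile
from pathlib import PurePosixPath

def is_check(name: str) -> bool:
    """True for entries shaped like checks/<file>.yaml, the layout shown above."""
    p = PurePosixPath(name)
    return len(p.parts) == 2 and p.parts[0] == "checks" and p.suffix == ".yaml"

def inspect_fwpack(data: bytes) -> list[str]:
    """Return problems found in a .fwpack archive; an empty list means none."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [n for n in zf.namelist() if not n.endswith("/")]
        for name in names:
            p = PurePosixPath(name)
            # Flag traversal and absolute paths before anything unpacks the ZIP.
            if p.is_absolute() or ".." in p.parts or "\\" in name:
                problems.append(f"unsafe path: {name}")
            elif name != "plugin.json" and not is_check(name):
                problems.append(f"unexpected entry: {name}")
        if "plugin.json" not in names:
            return problems + ["missing plugin.json"]
        try:
            manifest = json.loads(zf.read("plugin.json"))
        except ValueError:
            return problems + ["plugin.json is not valid JSON"]
    if not isinstance(manifest, dict) or manifest.get("kind") != "scanner":
        problems.append("kind is not 'scanner'")
    elif not manifest.get("id") or not isinstance(manifest.get("scanner"), dict):
        problems.append("missing id or scanner block")
    if not any(is_check(n) for n in names):
        problems.append("no checks/*.yaml entries")
    return problems

# Constructed sample packs, built in memory; not real Flowork packs.
def build_pack(entries: dict[str, str]) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, text in entries.items():
            zf.writestr(name, text)
    return buf.getvalue()

MANIFEST = '{"id": "my-scanner", "kind": "scanner", "scanner": {"name": "My Security Pack"}}'
GOOD = build_pack({"plugin.json": MANIFEST, "checks/check-1.yaml": "id: check-1\n"})
BAD = build_pack({"plugin.json": '{"id": "x", "kind": "tool"}',
                  "../evil.yaml": "id: evil\n", "checks/run.sh": "echo hi\n"})
print(inspect_fwpack(GOOD), inspect_fwpack(BAD), sep="\n")
```

This is a pre-flight check on your side of the upload; it does not replace the validation Flowork performs when the pack loads.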
Security & Trust
Every part of the scanner is owner-only and runs locally:
- Tools and targets are allowlisted — you control what the scanner can touch and run. No rogue scans.
- Every check is validated — malformed or unsafe templates are rejected before they run.
- Templates run inert — scans discover vulnerabilities; they don't execute arbitrary code on your targets (detection only).
- Scans only reach allowlisted targets — you grant permission per target. Flowork honors that boundary.
The threat radar is not a third-party service bolted on — it's wired into the kernel. Your agents' code is scanned locally, on your machine, with no telemetry, no uploads, no cloud roundtrips.
Next: learn how to add a target to your allowlist, or browse the Arsenal to see what checks are available.
Flowork is open source — both products:
- 🤖 Flowork Agent (the self-hosted agent OS): https://github.com/flowork-os/Flowork_Agent
- 🛣️ Flow Router (the sovereign LLM gateway): https://github.com/flowork-os/flowork_Router