FF Audit — Security Scanner

Is Your FlutterFlow App Actually Secure?

Paste your project ID and API key. Our engine scans for exposed secrets, broken auth, and logic flaws — in under 2 minutes.

Average per project: 2 critical vulnerabilities, 3 warnings detected, 1 info notice.
audit-report.json (scan complete):
API key exposed in custom action
Unauthenticated route on /dashboard
14 unused assets inflate app size
Missing CORS headers on 3 endpoints
2 redundant state variables found

How It Works

01 Connect Project
Paste your FlutterFlow Project ID and Read-Only API key. We securely connect to your environment.
02 AI Analysis
Our proprietary engine scans your app's architecture, APIs, rules, and logic for critical issues.
03 Get Report
Receive a detailed PDF report prioritizing vulnerabilities and providing actionable fix instructions.

What We Audit

Our comprehensive scan covers over 40 distinct checkpoints specific to FlutterFlow's architecture.

API Key Exposure
Detect hardcoded keys and insecure variable passing.
Auth Vulnerabilities
Find bypassing logic in routing and unauthenticated endpoints.
Performance Issues
Identify heavy queries, bad state management, and memory leaks.
Logic Flaws
Catch broken action chains and edge-case application crashes.
Unused Resources
Spot dead code, unlinked assets, and bloated components.
Network Security
Review API call structures, headers, and CORS configurations.

Run Your Audit

Enter your project details below. Your data is encrypted end-to-end.

Your data is never stored
We use your credentials in-memory only for the duration of the scan. Nothing is persisted to our servers.
Prefer to run it locally?
Open-source · Runs on your machine · Powered by Claude

The same evaluator is available as an open-source Claude skill you can run yourself — no data leaves your machine.

seyedalidev2002/FlutterFlow-Evaluator