lintai shows what your AI agent can run, access, and what defaults it gets by checking the ordinary-looking files that usually control that behavior before risky defaults quietly spread through a repo.

AI is more dangerous than you think

26.1% of 31,132 agent skills analyzed in the wild contained at least one vulnerability. Source: Agent Skills in the Wild

Offline-first, precision security linter for SKILLS, MCP, plugins, configs and other AI infrastructure.

Quick run

npx lintai-cli scan .

Run a local scan See example findings

Latest release · v0.1.1 · May 28, 2026

Runs locally

Agent config

JSON + SARIF

Local scanRuns locally

What lintai checks locally

It scans the agent files you already use.

$ lintai scan .

Run

Commands and launchers

Hooks, shell grants, uvx and npx paths.

Access

Tool and MCP access

Permissions, MCP servers, connected tools.

Inherit

Shared defaults

Team settings, rules, and instruction files.

Example finding

.claude/settings.json

Broad shell access in shared settings

This shared config grants more shell power than most local setups need.

A small permissions shortcut can quietly widen shell authority.

Looks harmless

A harmless shared settings block.

Actually changes

Turns team defaults into broader shell access than the repo needs.

A routine command path can quietly change what code the agent runs.

Looks harmless

Normal mcp.json wiring or setup guidance.

Actually changes

Downloads or resolves agent tooling dynamically at runtime.

A shared hook can run with no clear execution guardrails.

Looks harmless

Simple setup glue in a repo hook.

Actually changes

Executes commands with unclear time, tool, or boundary limits.

Committed hook

Committed config

Hook settings

On-the-fly launches in hook config

Catches shared hook commands that resolve packages at runtime instead of using a reviewed executable path.

Why it matters

A hook should behave like reviewed automation, not like a command path that can run different package code later.

Committed config

Before merge

mcp.json

Dynamic package launch in committed config

Catches mcp.json entries that launch external packages dynamically instead of using reviewed local tooling.

Why it matters

This is easy to underestimate in review because the repo changes config, while the executed code can come from a registry later.

Shared policy

Before merge

Shared settings

Broad shell grant in shared policy

Catches frontmatter and shared settings that quietly give an agent far more shell access than the workflow actually needs.

Why it matters

This is one of the easiest risky defaults to miss in review because it looks like a small settings shortcut, not a power change.

Runs on your machine

Built for local runs and CI

Without a dedicated check

Depends on what a person notices

Shows the exact reason for each finding

Stable ids with structured evidence

Without a dedicated check

Explanations vary by person

Separates release-grade checks from preview signals

Documented in the shipped product posture

Without a dedicated check

Usually lives in tribal knowledge

Checks agent config people usually trust by default

Skills, MCP, hooks, settings, instruction files

Without a dedicated check

Easy to miss harmless-looking files

Also useful later

Fits into CI and code scanning

Text, JSON, and SARIF are built in

Can inspect what is already installed locally

scan-known and inventory-os are built in

Fast path to the first scan

The fastest supported path to a real local lintai scan.

Choose a run path

Fastest supported path on macOS and Linux. Downloads the verified release installer, installs lintai, and immediately scans the current repository.

Run the first repo scan

Command

npx lintai-cli scan .

Best default for a first local check when you want the shortest real path to findings.

Export SARIF for CI or code scanning

Command

lintai scan . --format sarif

Use SARIF when you want the same scan integrated into CI and downstream tooling.

Inspect resolved policy when you add config

Command

lintai explain-config lintai.toml

Useful once the target repo has a local lintai policy and you want to confirm the active preset and rule posture.

What to know before CI

The short honest version: where the current release is strong and where its trust boundary still sits.

Repository-local scan surface

Initial public release

The current product story is the repo-local scan path for AI-native files such as skills, MCP configs, hook settings, and local client policy surfaces.

Stable vs Preview policy

Documented now

Stable findings are the release-quality baseline. Preview remains useful but explicitly non-baseline and more context-sensitive.

Offline advisory lane

Opt-in

Dependency advisory matching is intentionally opt-in and limited to committed npm lockfiles against the active offline snapshot.

Installed artifact audit

Available now

scan-known, inventory-os, and policy-os extend lintai beyond repo scans when you need to inspect what local AI clients already have configured.

Read the release posture

OverviewWhat is lintai?

ScopeWhat does lintai scan in the current v0.1 scope?

Trust postureIs lintai really offline-first?

Signal qualityWhat is the difference between Stable and Preview findings?

Start hereWhat is the fastest way to try lintai?

PositioningDoes lintai replace cloud scanners or broad supply-chain platforms?

Start here

Need a clearer next step?

Most teams only need three pages first: the docs index, the positioning note, and the release contract.

Open docs indexBrowse the rules and preset reference without leaving the repo context.

Open positioning noteSee who lintai is for, what it catches, and what it does not promise yet.

Check release contractRead the current public release posture before promising more than the product ships.

AI is more dangerous than you think

What lintai checks locally

Broad shell access in shared settings

What local agent config hides

Broad shell access in shared settings

Dynamic package launch in mcp.json

Hook command with no clear boundary

What lintai catches in practice

On-the-fly launches in hook config

Dynamic package launch in committed config

Broad shell grant in shared policy

Why run lintai locally first

Runs on your machine

Shows the exact reason for each finding

Separates release-grade checks from preview signals

Checks agent config people usually trust by default

Fits into CI and code scanning

Can inspect what is already installed locally

Run your first scan

Fast path to the first scan

Run the first repo scan

Export SARIF for CI or code scanning

Inspect resolved policy when you add config

What to know before CI

Repository-local scan surface

Stable vs Preview policy

Offline advisory lane

Installed artifact audit

Got questions? We've got answers

Need a clearer next step?