Multi-agent crypto threat intelligence that tells you if a token will steal your money — before you buy it.
In 2025, retail crypto users lost over $5.6 billion to scams, rug pulls, and fraudulent tokens. Most victims had no way to verify what they were buying. The information exists — on-chain data, contract source code, holder distributions — but it's scattered across dozens of tools, written in a language most people don't speak.
There's no reason a normal person should need to read Solidity bytecode to avoid getting robbed.
You paste a token address. Three specialized AI agents analyze it simultaneously and return a risk score with evidence.
That's it. No account required, no wallet connection, no premium tier. Just a straight answer: is this token likely to steal your money?
+-----------------------+
| User Query |
| "Is 0xABC... safe?" |
+-----------+-----------+
|
+-----------v-----------+
| Gradient AI |
| Router Agent |
| (multi-agent routing)|
+-----------+-----------+
| | |
+-----------+ +----+----+ +-----------+
| | | |
+---------v---------+ +--v------+ +---------v---------+
| Token Risk | | Smart | | Market |
| Analyzer | |Contract | | Intelligence |
| | |Auditor | | |
| - Liquidity | | | | - Social signals |
| - Holders | |- Vulns | | - Volume patterns |
| - Permissions | |- Honey | | - Whale moves |
| - Market patterns | | pots | | - Sentiment |
+---------+---------+ +----+----+ +---------+---------+
| | |
+--------+--------+--------+----------+
| |
+----------v----------+ |
| Knowledge Bases | |
| (scam patterns, | |
| exploit history) | |
+---------------------+ |
|
+----------------v---------+
| Guardrails |
| - Financial disclaimers |
| - PII protection |
| - No investment advice |
+----------------+---------+
|
+----------------v---------+
| Risk Assessment |
| Score: 82/100 CRITICAL |
| "Do not buy this token" |
+---------------------------+
Screenshots will be added before submission.
| Layer | Technology |
|---|---|
| AI Agents | DigitalOcean Gradient AI ADK (Python 3.11) |
| Agent Routing | Gradient AI multi-agent routing |
| Knowledge | Gradient AI Knowledge Bases (scam patterns, exploit DB) |
| Safety | Gradient AI Guardrails (disclaimers, PII) |
| Backend | FastAPI (Python) — orchestrator for agent calls |
| Frontend | Next.js 14, React 18, Tailwind CSS, TypeScript |
| Data Sources | DexScreener, Birdeye, Solscan APIs |
| Infra | DigitalOcean App Platform + Gradient AI serverless |
CryptoGuard uses every major feature of the Gradient AI platform:
Three specialized agents built with the Gradient ADK, each with its own system prompt, tool definitions, and domain expertise:
- Token Risk Analyzer — calls DexScreener, Birdeye, and Solscan APIs via tool calling to pull liquidity, holder, and authority data. Scores risk across 4 categories (liquidity, holder concentration, contract permissions, market patterns) on a 0-100 scale.
- Smart Contract Auditor — analyzes contract source code for honeypot patterns, reentrancy vulnerabilities, hidden admin functions, and fee manipulation.
- Market Intelligence — evaluates social signals, volume anomalies, whale wallet movements, and sentiment patterns.
A router agent examines the user's query and dispatches it to one or more specialist agents. A query like "Is this token safe?" hits all three. A query like "Can the dev mint more tokens?" routes only to the Token Risk Analyzer.
Agents are grounded with curated knowledge bases containing:
- Historical rug pull patterns and post-mortem analyses
- Known scam contract signatures and bytecode patterns
- Common social engineering tactics used in crypto fraud
- Regulatory guidance on token classification
Every response passes through guardrails that enforce:
- Financial disclaimers — CryptoGuard does not provide investment advice
- PII protection — no wallet addresses are stored or logged
- Scope boundaries — agents refuse to execute trades or interact with wallets
Agents run on Gradient AI's serverless infrastructure. No GPU provisioning, no idle costs. Each agent scales independently based on query volume.
Agents use OpenAI-compatible function calling to query external APIs (DexScreener, Birdeye, Solscan) in real time. Tool definitions and handlers are co-located with each agent.
We use Gradient AI's evaluation framework to test agent accuracy against known scam tokens and verified safe tokens. Evaluation datasets include labeled examples from documented rug pulls.
All agent interactions are traced end-to-end through Gradient AI's tracing system, enabling debugging of multi-agent conversations and measuring latency per agent.
- Python 3.11+
- Node.js 18+
- DigitalOcean account with Gradient AI access
- (Optional) Birdeye API key, Solscan Pro API key
git clone https://github.com/rsulisthio/cryptoguard.git
cd cryptoguardcd agents/token-analyzer
pip install -r requirements.txt
gradient agent deployRepeat for agents/contract-auditor and agents/market-intelligence once they're built.
cp .env.example .envEdit .env:
GRADIENT_API_KEY=your_gradient_api_key
GRADIENT_TOKEN_ANALYZER_URL=https://your-agent.gradient.ai/api/v1/chat/completions
GRADIENT_CONTRACT_AUDITOR_URL=https://your-agent.gradient.ai/api/v1/chat/completions
GRADIENT_MARKET_INTEL_URL=https://your-agent.gradient.ai/api/v1/chat/completions
BIRDEYE_API_KEY=optional_birdeye_key
SOLSCAN_API_KEY=optional_solscan_key
cd api
pip install -r requirements.txt
uvicorn main:app --reload --port 8000cd frontend
npm install
npm run devOpen http://localhost:3000.
| Method | Endpoint | Description |
|---|---|---|
POST |
/api/analyze |
Submit a token address for full multi-agent analysis |
POST |
/api/analyze/token |
Token Risk Analyzer only |
POST |
/api/analyze/contract |
Smart Contract Auditor only |
POST |
/api/analyze/market |
Market Intelligence only |
POST |
/api/chat |
Chat with agents (conversational interface) |
GET |
/api/health |
Health check |
curl -X POST http://localhost:8000/api/analyze \
-H "Content-Type: application/json" \
-d '{"token_address": "So11111111111111111111111111111111111111112", "chain": "solana"}'{
"query": "So11111111111111111111111111111111111111112",
"overallScore": 12,
"overallRisk": "SAFE",
"timestamp": "2026-03-18T10:30:00Z",
"agents": [
{
"agent": "token",
"name": "Token Risk Analyzer",
"score": 8,
"riskLevel": "SAFE",
"summary": "Wrapped SOL — native asset, no mint/freeze authority concerns.",
"findings": ["Liquidity: $2.1B across 1,247 pairs", "No single holder >5%"],
"details": "..."
},
{
"agent": "contract",
"name": "Smart Contract Auditor",
"score": 5,
"riskLevel": "SAFE",
"summary": "Native wrapped token program — no custom contract logic.",
"findings": [],
"details": "..."
},
{
"agent": "market",
"name": "Market Intelligence",
"score": 15,
"riskLevel": "SAFE",
"summary": "Established asset with consistent volume and organic trading.",
"findings": ["24h volume: $1.8B", "No wash trading indicators"],
"details": "..."
}
]
}cryptoguard/
├── agents/
│ ├── token-analyzer/ # Gradient ADK agent
│ │ ├── .gradient/
│ │ │ └── agent.yml # Agent config
│ │ ├── main.py # Agent entrypoint + tools
│ │ └── requirements.txt
│ ├── contract-auditor/ # Smart contract analysis agent
│ │ ├── .gradient/
│ │ │ └── agent.yml
│ │ └── main.py
│ └── market-intelligence/ # Market signals agent
│ ├── .gradient/
│ │ └── agent.yml
│ └── main.py
├── api/ # FastAPI orchestrator
│ ├── main.py
│ └── requirements.txt
├── frontend/ # Next.js dashboard
│ ├── app/
│ │ └── lib/
│ │ └── types.ts # TypeScript interfaces
│ ├── package.json
│ ├── tailwind.config.ts
│ └── next.config.js
├── knowledge-bases/ # Gradient AI knowledge base data
│ ├── scam-patterns.jsonl
│ └── exploit-history.jsonl
├── guardrails/ # Guardrail configurations
│ └── financial-disclaimer.yml
├── evals/ # Agent evaluation datasets
│ └── known-scams.jsonl
├── README.md
├── SUBMISSION.md
├── SETUP.md
├── LICENSE
└── .env.example
Richard Sulisthio — Solo builder
- Ex-Tokopedia (Indonesia's largest marketplace)
- Tsinghua University CS
- Building Solder — AI agent infrastructure on Solana
- Built Cortex prediction agents, multi-chain DeFi tooling
- GitHub | X/Twitter
MIT. See LICENSE.
Built for the DigitalOcean Gradient AI Hackathon 2026. CryptoGuard does not provide investment advice. All risk scores are informational and should not be the sole basis for any financial decision.