The Agent-tina

AI-powered Solidity auditor that scans repos and detects vulnerabilities automatically

Created At

ETHGlobal Buenos Aires

Project Description

The Agent Tina is an AI-powered smart contract security auditor designed to analyze Solidity repositories automatically using a multi-strategy agent architecture. Built on top of Nethermind’s AgentArena template and customized for ETHGlobal, it combines several specialized security agents—Reentrancy Detection, Flash-Loan Attack Analysis, and Access-Control & Privilege-Escalation Review—to generate a comprehensive vulnerability report. Simply provide a GitHub repo, and Tina clones the code, analyzes the contracts, and produces a structured JSON audit with severity levels and clear explanations. The system is fully extensible, allowing additional detectors and logic to be added easily. The Agent Tina demonstrates how AI can accelerate and democratize smart-contract security analysis by making high-quality auditing fast, repeatable, and accessible to any developer.

How it's Made

The Agent Tina was built by customizing Nethermind’s AgentArena agent-template and extending it into a multi-strategy AI audit system. The core is a Python package that exposes a CLI tool (audit-agent) capable of cloning Solidity GitHub repositories and running layered LLM-based analyses. Each security strategy—Reentrancy Detection, Flash Loan Attack Vector Analysis, and Access Control Review—uses its own specialized system prompt and runs independently. Their outputs are merged into a unified vulnerability report with severities and file mappings.

The backend is built in Python using OpenAI’s API for inference, Pydantic for structured data, and Typer for the CLI. The project uses virtual environments, environment-variable-based config, and JSON output for easy integration with dashboards or other tools. Cursor’s .cursorrules file was leveraged to fine-tune the AI-assisted coding experience, speeding up development. The design is intentionally modular, so adding new detectors is as simple as creating a new strategy class and registering it.
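The strategy registration and report-merging steps described above can be sketched as follows; this is an added example, not the project's code. Assumptions: the names `Finding`, `register` and `run_audit`, the five severity labels, the constructed findings returned by the stand-in strategies, and standard-library dataclasses used in place of Pydantic so the block runs without dependencies.

```python
import json
from dataclasses import dataclass, field, asdict

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0}  # assumed labels
REGISTRY = {}  # strategy name -> callable(sources) -> list[Finding]

@dataclass
class Finding:
    file: str
    title: str
    severity: str
    description: str
    strategies: list = field(default_factory=list)

def register(name):
    """Adding a detector = writing one function and registering it."""
    def wrap(fn):
        REGISTRY[name] = fn
        return fn
    return wrap

# Stand-ins returning constructed findings; a real strategy would query an LLM
# with its own system prompt and parse the reply into Finding objects.
@register("reentrancy")
def reentrancy(sources):
    return [Finding("Vault.sol", "External call before state update", "High",
                    "withdraw() sends ETH before zeroing the balance.")]

@register("flash_loan")
def flash_loan(sources):
    return [Finding("Vault.sol", "external call before state update", "critical",
                    "Same call is reachable inside a flash-loan callback."),
            Finding("Oracle.sol", "Spot price used as oracle", "urgent",
                    "Price is read from a single pool balance.")]

def run_audit(sources):
    merged = {}
    for name, strategy in REGISTRY.items():
        for f in strategy(sources):
            sev = f.severity.strip().lower()
            # Model output is untrusted: unknown labels stay visible as medium.
            f.severity = sev if sev in SEVERITY_RANK else "medium"
            key = (f.file, f.title.strip().lower())  # same issue from two strategies
            kept = merged.setdefault(key, f)
            kept.strategies.append(name)
            if SEVERITY_RANK[f.severity] > SEVERITY_RANK[kept.severity]:
                kept.severity, kept.description = f.severity, f.description
    ordered = sorted(merged.values(),
                     key=lambda f: (-SEVERITY_RANK[f.severity], f.file, f.title))
    return {"findings": [asdict(f) for f in ordered]}

if __name__ == "__main__":
    print(json.dumps(run_audit({"Vault.sol": "// constructed sample"}), indent=2))
```

Duplicates are keyed on file and normalized title, so two strategies flagging the same issue yield one entry that carries the highest severity and lists both strategies.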

A bit of hackiness went into modifying the template to support custom prompts, improve analysis merging, and streamline local usage for fast testing during the hackathon. The result is a flexible, extensible AI-powered security auditor that combines multiple independent analyses into a single, clear smart-contract audit.
