How to Build a Custom AI Security Agent with Coral & Gemini (My First Hackathon Build!)

Syed Kabeer Ali — Sun, 31 May 2026 13:15:17 +0000

Hey everyone! I just submitted my Track 2 project for the Pirates of the Coral-bean hackathon. I built The Coral Lookout, an autonomous AI agent that scans developer blogs (like Dev.to) to flag malicious npm packages and crypto scams.

Tbh, building this solo was a massive learning curve. I couldn't find a lot of tutorials on hooking up custom unmapped APIs to Coral, so I figured I’d write down exactly how I did it in case anyone else gets stuck on the same things I did.

Here is how to build your own custom AI agent from scratch!

The Stack
Data Pipeline: Coral CLI

LLM Engine: Gemini 2.5 Flash

Frontend UI: Python & Streamlit

Deployment: Docker + Railway

Step 1: Mapping the API with Coral (The Hard Part)
So, my initial plan was to just use Coral to query Dev.to articles. But I quickly realized that Dev.to isn't natively supported in Coral out of the box.

Instead of writing a wierd python scraping script, I learned you can just build a custom YAML source connector. You basically tell Coral how to read the JSON from the API.

Here is what my devto_guardian_connector.yaml looked like:

YAML
name: devto_agent
type: rest
base_url: "https://dev.to"
tables:

name: articles description: Latest articles pulled from Dev.to API request: method: GET path: /api/articles Pro tip: Make sure your indentation is perfect here. I spent like 45 minutes wondering why my SQL queries were failing only to realize I had an extra space in my YMAL file. 😅

Step 2: Querying the Data
Once the connector is linked, you can literally just use standard SQL to fetch internet data. In my app, I just ran a simple query to pull the titles and descriptions of the latest posts.

Python

just standard sql, no scraping required!

query = "SELECT title, description, url FROM devto_agent.articles LIMIT 15"
Step 3: Adding the Brains (Gemini 2.5 Flash)
Now that we have the raw text, we need to figure out if it's safe or if it's a scam. I used the Gemini API for this because its super fast.

I passed the title and description into Gemini and asked it to act like a cybersecurity expert (or in my case, a Pirate Oracle).
Wait, actually before you do this—make sure you load your API keys using dotenv in python, otherwise your app will crash instantly when you try to run it.

I wrote a prompt telling Gemini to look for high-risk signals, like links asking you to run suspicious npm install commands or random crypto airdrops. It returns a "confidence score" and a short explanation of why it flagged it.

Step 4: The Streamlit UI
I didn't want to build a boring corporate dashboard. I wanted this to feel like a real digital first mate!

I used Streamlit to build the UI. Streamlit is great, but styling it can be a pain. If you want to build a custom dark theme like I did, you have to inject CSS directly into the app using unsafe_allow_html=True.

Python
st.markdown("""

.threat-box { border-left: 5px solid red; background-color: #1a1a1a; }

""", unsafe_allow_html=True)
This let me create a really cool chronological timeline. When the agent finds a safe article, it logs it quietly. When it spots a threat, it flashes a red alert box and quarantines the link.

Step 5: Shipping it
Finally, I wrote a quick Dockerfile and pushed the whole thing to GitHub. I connected my repo to Railway, and it automatically built and deployed the app. (If your Railway build fails on the first try, just double check that your Streamlit port is set to 0.0.0.0 in your start script).

Conclusion
Building this agent definetly pushed me to my limits, but bridging an unstructured API to a SQL database and feeding it into an LLM is a superpower.

You can check out my full code here: https://github.com/MaskedMan-code/devto-guardian-agent

DEV Community: Syed Kabeer Ali

How to Build a Custom AI Security Agent with Coral & Gemini (My First Hackathon Build!)

just standard sql, no scraping required!