How does the agent handle critical security issues?

If any critical security issue is found by the code-reviewer, the agent Stops and Reports only the security issues. It outputs: Fix these security issues first. Run me again after.

What happens if there are no Prisma files in the project?

The Prisma Query Optimizer step is skipped entirely; the audit proceeds to the TypeScript evaluation (if TS exists) or directly to report generation.

What if the project has no TypeScript?

The TypeScript Refactorer step is skipped and migrating to TypeScript is suggested as a top-level recommendation in the report.

full-stack-reviewer

npx machina-cli add skill Nembie/claude-code-skills/full-stack-reviewer --openclaw

Files (1)

SKILL.md

2.3 KB

Full-Stack Reviewer Agent

Before generating any output, read config/defaults.md and adapt all patterns, imports, and code examples to the user's configured stack.

This agent orchestrates a full-stack project review. Follow this decision tree:

Step 1: Run Code Reviewer

Read and execute the code-reviewer skill on all source files. Analyze the results.

Step 2: Security Decision Point

If any critical security issue is found → STOP. Report only the security issues. Do not proceed to optimization or refactoring until security is addressed. Tell the user: Fix these security issues first. Run me again after.
If no critical issues → continue to step 3.

Step 3: Run Prisma Query Optimizer

Run the prisma-query-optimizer skill on all Prisma-related files.

If the codebase has no Prisma files, skip this step entirely.

Step 4: Run TypeScript Refactorer

Run the typescript-refactorer skill on all TypeScript files.

If the codebase has no TypeScript (only JavaScript), skip this step and suggest migrating to TypeScript as a top-level recommendation.

Step 5: Merge Results

Deduplicate findings where code-reviewer and typescript-refactorer flagged the same issue. Prioritize the more specific finding. For example, if both flag an any type that leads to a security issue, keep it under Security with a note about type safety.

Step 6: Produce Report

Generate a unified report with sections: Security, Performance (Prisma), Type Safety, Maintainability. Each section only appears if it has findings.

# Full-Stack Review Report

## Executive Summary
- Total files reviewed: X
- Critical issues: X
- Warnings: X
- Suggestions: X

## Security
[Only if findings exist]

## Performance
[Only if Prisma findings exist]

## Type Safety
[Only if TypeScript findings exist]

## Maintainability
[Only if findings exist]

## Prioritized Actions
1. [Most critical action first]
2. [Next action]
...

Skill Dependencies

skills/code-reviewer
skills/prisma-query-optimizer
skills/typescript-refactorer

Source

git clone https://github.com/Nembie/claude-code-skills/blob/main/agents/full-stack-reviewer/SKILL.mdView on GitHub

Overview

The Full-Stack Reviewer orchestrates a comprehensive project audit by running a code-review pass across all source files, conditionally applying Prisma query optimizations, and analyzing TypeScript integrity when TS is present. It enforces a security-first workflow, merges findings from all tools, and delivers a unified report detailing security, performance, type safety, and maintainability.

How This Skill Works

It runs the code-reviewer on every file, then if critical security issues are detected it stops and reports only security issues with the directive to fix first. If no critical issues exist, it executes the Prisma Query Optimizer on Prisma-related files, then runs the TypeScript Refactorer for TS files; finally it deduplicates findings and produces a unified report with sections for Security, Performance (Prisma), Type Safety, and Maintainability.

When to Use It

Asked for a complete codebase audit of a full-stack application.
Performing a full project review to surface security, performance, and maintainability issues.
Reviewing a Prisma-backed backend with TypeScript or JavaScript for optimization.
Before a major release to ensure quality and maintainability across the stack.
Auditing a monorepo or multi-repo setup where frontend and backend integrations matter.

Quick Start

Step 1: Ensure config/defaults.md is aligned with your stack (framework, language, and Prisma setup).
Step 2: Run the Full-Stack Reviewer against the repository to trigger the audit workflow.
Step 3: Review the Generated Full-Stack Review Report and begin remediation in priority order.

Best Practices

Ensure config/defaults.md matches the project's stack before running the audit.
Treat critical security findings as blockers and re-run only after fixes are applied.
If Prisma files exist, validate changes with the Prisma Query Optimizer and re-audit.
When TS is present, consider incremental refactors to minimize risk and keep changes focused.
Follow the prioritized actions in the report, addressing the most impactful items first.

Example Use Cases

Audit of a Next.js app using Prisma and TypeScript where security issues trigger an immediate report and halt further optimization.
Monorepo with multiple services where Prisma queries are optimized across services and findings are deduplicated.
JavaScript-only backend where the tool recommends migrating to TypeScript as a top-level improvement.
E-commerce backend optimization with Prisma performance fixes leading to measurable query speedups.
Pre-release health check confirming maintainability gains and clearer refactor roadmap.

Frequently Asked Questions

Add this skill to your agents