npx machina-cli add skill Pamacea/smite/multi-review --openclaw
Multi-Agent Review System
Mission
Orchestrate parallel code review by specialized agents, each focusing on their domain expertise, then consolidate findings into a unified report.
When to Use
- Before merging PR: "Review this PR before merge"
- Security-critical code: Auth, payments, data handling
- Performance concerns: "Check performance of this code"
- Test coverage gaps: "Review test coverage"
- Documentation: "Ensure code is well-documented"
Examples
# Comprehensive PR review
/studio review --team --all
# Security only
/studio review --team --scope=security
# Performance + testing
/studio review --team --scope=performance,testing
When NOT to Use
- ❌ Single file simple changes (use standard review)
- ❌ Quick style fixes (use linter/formatter)
- ❌ Trivial changes (comments, formatting)
- ❌ Documentation-only changes (use docs reviewer)
- ❌ Configuration changes (review manually)
- ❌ Local development (not ready for review)
Review Agents
1. Security Reviewer Agent
Model: claude-opus-4-6 (complex reasoning)
Focus Areas:
- OWASP Top 10 vulnerabilities
- Input validation and sanitization
- Authentication and authorization
- Sensitive data handling
- Dependency vulnerabilities
- API security
Output Format:
## Security Review
### Critical Issues
- [Issue 1]
### Medium Issues
- [Issue 2]
### Recommendations
- [Recommendation 1]
### Security Score: X/10
2. Performance Reviewer Agent
Model: claude-sonnet-4-5 (implementation focus)
Focus Areas:
- Database query optimization
- N+1 query problems
- Memory leaks
- Caching opportunities
- Async operation efficiency
- Bundle size impact
Output Format:
## Performance Review
### Bottlenecks Found
- [Bottleneck 1]: Impact, Solution
### Optimization Opportunities
- [Opportunity 1]: Expected improvement
### Metrics (if applicable)
- Before: [metric]
- After: [projected metric]
### Performance Score: X/10
3. Testing Reviewer Agent
Model: claude-sonnet-4-5
Focus Areas:
- Test coverage (unit, integration, E2E)
- Edge cases handled
- Mock strategy
- Test quality and clarity
- Missing test scenarios
Output Format:
## Testing Review
### Coverage Gaps
- [Gap 1]: Suggested test
### Test Quality Issues
- [Issue 1]: Fix needed
### Missing Edge Cases
- [Case 1]
### Test Score: X/10
4. Documentation Reviewer Agent
Model: claude-haiku-4-5 (fast review)
Focus Areas:
- Function/class documentation
- Inline comments clarity
- README/USAGE docs
- Type definitions
- Examples provided
Output Format:
## Documentation Review
### Missing Documentation
- [What needs docs]
### Documentation Quality
- [Issues found]
### Suggestions
- [Improvements]
### Documentation Score: X/10
Orchestration Flow
┌─────────────────────────────────────────────────────┐
│                 Review Coordinator                  │
│          (Opus 4.6 - smart orchestration)           │
└───────────────────┬─────────────────────────────────┘
                    │
      ┌─────────────┼─────────────┬─────────────┐
      ▼             ▼             ▼             ▼
┌───────────┐ ┌───────────┐ ┌───────────┐ ┌───────────┐
│ Security  │ │Performance│ │  Testing  │ │   Docs    │
│ Reviewer  │ │ Reviewer  │ │ Reviewer  │ │ Reviewer  │
└───────────┘ └───────────┘ └───────────┘ └───────────┘
      │             │             │             │
      └─────────────┼─────────────┴─────────────┘
                    ▼
         ┌─────────────────────┐
         │ Consolidated Report │
         └─────────────────────┘
Usage
Command Line
# Basic multi-review
/studio review --team --scope=security,performance,testing
# All reviewers
/studio review --team --all
# Specific reviewers only
/studio review --team --scope=security,testing
# With auto-fix
/studio review --team --fix
# Generate report only
/studio review --team --output=report.md
In Studio Build
/studio build --team --review "Implement user authentication"
# Automatically runs multi-review after implementation
Consolidated Report Format
# Multi-Agent Review Report
**Generated:** 2026-02-19 14:30:00
**Reviewers:** Security, Performance, Testing, Documentation
**Files Reviewed:** 12 files, 847 lines
## Overall Score: 7.2/10
### Security Score: 6/10 ⚠️
[Security findings...]
### Performance Score: 8/10 ✅
[Performance findings...]
### Testing Score: 7/10 ⚠️
[Testing findings...]
### Documentation Score: 8/10 ✅
[Documentation findings...]
## Critical Issues (Must Fix)
1. **[SECURITY]** SQL injection vulnerability in user search
   - File: `src/api/users.ts:45`
   - Fix: Use parameterized query
   - Severity: HIGH
2. **[TESTING]** Missing edge case for empty arrays
   - File: `src/utils/array.ts:23`
   - Fix: Add test for empty input
   - Severity: MEDIUM
## Recommendations (Should Fix)
1. **[PERFORMANCE]** Add database index for email lookups
   - Impact: 60% faster queries
   - Effort: LOW
2. **[DOCS]** Document API authentication flow
   - Add example to README
   - Effort: LOW
## Summary
- Total Issues Found: 8
- Critical: 2
- Medium: 4
- Low: 2
**Recommendation:** Address critical issues before merging
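A merge gate can read this report mechanically instead of relying on someone skimming it. The following is an added example, not part of the skill or its repository: it parses the report layout shown above and blocks when any critical issue is listed or the security score is missing or too low. The function names, the `min_security` threshold and the blocking policy are assumptions; the sample report is constructed.

```python
import re

# Constructed sample that follows the consolidated report layout shown above.
SAMPLE_REPORT = """\
# Multi-Agent Review Report
## Overall Score: 7.2/10
### Security Score: 6/10
### Testing Score: 7/10
## Critical Issues (Must Fix)
1. **[SECURITY]** SQL injection vulnerability in user search
   - Severity: HIGH
2. **[TESTING]** Missing edge case for empty arrays
   - Severity: MEDIUM
## Recommendations (Should Fix)
1. **[PERFORMANCE]** Add database index for email lookups
"""

SCORE_RE = re.compile(r"^#{2,3} +(\w+) Score: *(\d+(?:\.\d+)?)/10", re.M)
ITEM_RE = re.compile(r"^\d+\.\s+\*\*\[(\w+)\]\*\*\s+(.+)$")

def parse_report(text):
    """Return (scores, critical_issues) parsed from a consolidated report."""
    scores = {name.lower(): float(val) for name, val in SCORE_RE.findall(text)}
    critical, in_critical = [], False
    for line in text.splitlines():
        if line.startswith("## "):  # a level-2 heading opens or closes the section
            in_critical = line.startswith("## Critical Issues")
            continue
        m = ITEM_RE.match(line.strip())
        if in_critical and m:
            critical.append({"domain": m.group(1), "title": m.group(2), "severity": None})
        elif in_critical and critical and "Severity:" in line:
            critical[-1]["severity"] = line.split("Severity:")[1].strip()
    return scores, critical

def gate(text, min_security=8.0):
    """Hypothetical policy: block on any critical issue or a low security score."""
    scores, critical = parse_report(text)
    reasons = [f"{c['domain']}: {c['title']} ({c['severity']})" for c in critical]
    # Fail closed: a report with no security score must not pass the gate.
    if scores.get("security", 0.0) < min_security:
        reasons.append(f"security score {scores.get('security')} < {min_security}")
    return (not reasons), reasons

if __name__ == "__main__":
    ok, why = gate(SAMPLE_REPORT)
    print("PASS" if ok else "BLOCK", *why, sep="\n  ")
    raise SystemExit(0 if ok else 1)
```

Run as a script, it exits non-zero when the gate blocks, so a CI step can fail on it directly.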
Configuration
Create .claude/review-config.json:
{
  "multi_review": {
    "enabled": true,
    "reviewers": {
      "security": {
        "enabled": true,
        "model": "claude-opus-4-6",
        "severity_threshold": "medium",
        "rules": ["owasp-top-10", "auth", "data-sanitization"]
      },
      "performance": {
        "enabled": true,
        "model": "claude-sonnet-4-5",
        "metrics": ["query-time", "memory", "bundle-size"],
        "thresholds": {
          "query_time_ms": 100,
          "memory_mb": 512
        }
      },
      "testing": {
        "enabled": true,
        "model": "claude-sonnet-4-5",
        "coverage_target": 80,
        "require_edge_cases": true
      },
      "documentation": {
        "enabled": true,
        "model": "claude-haiku-4-5",
        "require_examples": true,
        "check_types": true
      }
    },
    "output": {
      "format": "markdown",
      "location": ".claude/reviews/",
      "include_suggestions": true,
      "auto_fix": false
    },
    "parallelism": {
      "max_concurrent": 4,
      "timeout_minutes": 10
    }
  }
}
Integration with Git Hooks
Add to .claude/hooks.json:
{
  "PreToolUse": [{
    "matcher": "tool == 'Bash' && tool_input.command matches 'git commit'",
    "hooks": [{
      "type": "command",
      "command": "claude /studio review --team --output=git-hook-review.md"
    }]
  }]
}
Best Practices
1. Run Reviews Incrementally
Don't wait until PR is ready:
# After feature implementation
/studio review --team --scope=testing
# Before security review
/studio review --team --scope=security
# Final comprehensive review
/studio review --team --all
2. Fix Issues Iteratively
# First pass
/studio review --team --fix
# Re-review fixes
/studio review --team
# Continue until score > 8/10
3. Customize for Project
Adjust configuration based on project needs:
- Security-focused: Enable only security reviewer
- High-performance: All reviewers + performance profiler
- Documentation-heavy: Enable docs + testing reviewers
Performance Impact
- Time: 2-5 minutes for typical PR (50-200 files)
- Parallel execution: 4x faster than sequential
- Token usage: ~50k tokens for full review (all 4 agents)
- Cost: ~$0.50-1.00 per review (Opus + Sonnet + Haiku)
Success Metrics
Good multi-review setup:
- ✅ Critical issues caught before merge
- ✅ Consistent review quality
- ✅ Fast feedback (< 5 minutes)
- ✅ Actionable recommendations
- ✅ Team adopts suggestions
Limitations
- ❌ False positives possible (especially security)
- ❌ Can't replace human judgment entirely
- ❌ May miss business logic errors
- ❌ Requires good test coverage for testing review
Anti-Patterns
| Anti-Pattern | Problem | Fix |
|---|---|---|
| Running on every commit | Wastes time/cost | Run only before PR merge |
| Reviewing trivial changes | No value added | Skip for formatting/comments |
| Ignoring review findings | Defeats purpose | Address critical issues |
| Running all reviewers unnecessarily | Slows workflow | Select relevant reviewers only |
| Not fixing P0/P1 issues | Security/performance risks | Always fix critical findings |
| Review without tests | Incomplete quality check | Ensure tests pass first |
Version: 1.0.0 | Category: workflow | Last updated: 2026-02-19
Source
git clone https://github.com/Pamacea/smite/blob/main/plugins/studio/skills/multi-review/SKILL.md
Overview
This skill orchestrates parallel reviews by four specialized agents—security, performance, testing, and documentation—before PR merge or production deployment. It consolidates findings into a unified report and score to enforce a mandatory gate.
How This Skill Works
On a PR or deployment trigger, it invokes all four agents in parallel, each focusing on their domain (security, performance, testing, documentation). Each agent outputs a standardized report, and the orchestrator aggregates them into a single, scored result that determines whether the change can be merged or deployed.
When to Use It
- Before merging a PR into main or staging
- Security-critical code paths (auth, data handling, dependencies)
- Performance concerns or optimizations
- Test coverage gaps or quality concerns
- Documentation completeness and clarity for the change
Quick Start
- Step 1: Trigger the multi-review workflow for the PR (for example, via a studio command)
- Step 2: Let the four agents run in parallel and generate their reports
- Step 3: Review the consolidated report and proceed to merge or fix issues based on the score
Best Practices
- Use for gatekeeping complex changes rather than small edits
- Invoke comprehensive scope when needed: comprehensive-review, security, performance, testing, and docs
- Review the consolidated report and overall score, not only individual sections
- Ensure each agent's output follows the prescribed format and scoring
- Integrate the gate into CI with clear remediation steps and thresholds
Example Use Cases
- Comprehensive PR review for a major feature merge
- Security-sensitive code path review before production deployment
- Performance + testing assessment for a redesigned module
- Documentation and code comments review alongside code changes
- End-to-end review that includes all four domains