Back to Skills
Skill
Community

report-format

From claudius
0
Install
1
Install the plugin
$
npx claudepluginhub lklimek/agents --plugin claudius

Want just this skill?

Then install: npx claudepluginhub u/[userId]/[slug]

Description

Unified review report format for all finding-producing agents. Load when emitting or consuming review findings.

Tool Access

This skill is limited to using the following tools:

Bash(*validate_report.py *)Bash(*consolidate_reports.py *)Bash(*generate_review_report.py *)
Skill Content

Review Report Format

Unified format for all review findings. Schema: schemas/review-report.schema.json (v2.0.0).

Finding Structure

Agents emit a JSON array of finding_section objects:

[
  {
    "title": "Section Title",
    "category": "security|project|code_quality|dependencies|documentation|pr_comments",
    "findings": [
      {
        "id": "PREFIX-001",
        "severity": 5,
        "title": "Short finding title",
        "tags": ["A03 Injection", "CWE-79"],
        "location": "src/auth.rs:42-56",
        "description": "What the issue is and why it matters",
        "impact": "What could go wrong",
        "recommendation": "How to fix it"
      }
    ],
    "positives": "Optional positive observations"
  }
]

Required Fields

FieldTypeDescription
idstringPREFIX-NNN -- see ID Prefixes below
severityinteger5=CRITICAL, 4=HIGH, 3=MEDIUM, 2=LOW, 1=INFO
titlestringShort finding title
locationstringFull file path with lines: src/auth.rs:42-56 -- never bare line numbers
descriptionstringWhat the issue is and why it matters
recommendationstringHow to fix it

Optional: tags (OWASP, CWE, etc.), impact (what could go wrong).

File Output

When writing findings to a file, ALWAYS use the Write tool — never use Bash commands like cat > file, tee, heredoc redirects, or inline python3 scripts for file creation. The Write tool is allowed in all CI environments; Bash file-writing commands are typically blocked by tool allowlists.

ID Prefixes

PrefixCategoryUsed by
SEC-securitysecurity-engineer-smythe
QA-code_qualityqa-engineer-marvin
PROJ-projectproject-reviewer-adams
CODE-code_qualitydeveloper-bilby (generic)
RUST-code_qualitydeveloper-bilby (Rust)
PY-code_qualitydeveloper-bilby (Python)
GO-code_qualitydeveloper-bilby (Go)
FE-code_qualitydeveloper-bilby (frontend)
DOC-documentationtechnical-writer-trillian
CMT-pr_commentscheck-pr-comments
DEP-dependenciesreview-dependency

IDs are provisional -- the consolidation step deduplicates and reassigns final IDs.

Domain-Specific Fields

Agents may add context to description and tags per their domain:

  • security-engineer: include OWASP category and CWE in tags, CVE references and evidence in description
  • qa-engineer: include requirement reference, expected vs actual behavior in description
  • check-pr-comments: include reviewer, comment_id, comment_url, thread_id, verdict fields (schema-defined)

Report Pipeline Tools

ToolPurposeUsage
scripts/validate_report.pyValidate report JSON against schemapython3 ${CLAUDE_SKILL_DIR}/../../scripts/validate_report.py report.json
scripts/consolidate_reports.pyMerge multiple agent reports, deduplicate findingspython3 ${CLAUDE_SKILL_DIR}/../../scripts/consolidate_reports.py agent1.json agent2.json -o consolidated.json
scripts/generate_review_report.pyRender consolidated report as Markdown/HTMLpython3 ${CLAUDE_SKILL_DIR}/../../scripts/generate_review_report.py consolidated.json

Full Report Envelope

For complete reports (grumpy-review, check-pr-comments), wrap finding sections in:

{
  "schema_version": "2.0.0",
  "metadata": { "project": "...", "date": "YYYY-MM-DD" },
  "executive_summary": { "overall_assessment": "..." },
  "summary_statistics": { "total_findings": 0, "severity_counts": {} },
  "findings": []
}

See schemas/review-report.schema.json for complete envelope schema.

Stats
Stars0
Forks0
Last CommitMar 18, 2026

Similar Skills