Multi-agent security review running daily in production: architecture and findings
Architecture details
The security agent runs on a daily cron via launchd. It receives a diff of recent commits plus full codebase access. It checks against a structured vulnerability checklist that includes:
- IDOR
- Auth bypasses
- Injection vectors
- Secrets exposure
- Overly permissive routes
The agent files findings as P0/P1/P2 tasks in the work queue. A separate coding agent picks them up, fixes them, commits the changes, and deploys.
Coordination challenges and solutions
After 3 weeks running in production, the most interesting coordination challenge was conflict between the security agent and coding agent. Security flags something, coding fixes it, but then introduces a pattern in the next commit that security hasn't reviewed yet.
The solution implemented: daily-only runs (not per-commit) plus a "reviewed_through" marker so findings have commit context.
Performance observations
Claude was noted as unusually good at distinguishing "this looks vulnerable" from "this is definitely exploitable in this context." The false positive rate stayed manageable.
The system is part of a larger multi-agent setup at ultrathink.art that includes design, coding, marketing, ops, social, and the dedicated security agent.
📖 Read the full source: r/clawdbot
👀 See Also
How Centralized Context Architecture with Claude Saves 10+ Hours Weekly
A Reddit user reports saving 10+ hours weekly by moving SOPs, meeting notes, and CRM into a centralized Notion workspace and connecting Claude directly to that context. Three specific workflows eliminate manual email drafting, spreadsheet entry, and content creation.
Controlling Claude Code via WhatsApp with Channels Feature
A developer connected WhatsApp to a running Claude Code session using the Channels feature (v2.1.80+), enabling text messages, voice notes with Whisper transcription, and voice replies with OpenAI TTS to interact with the same CLI session.
Exploring the Benefits and Drawbacks: Cloud LLM vs. Local AI Agents
The debate between cloud-based AI models and local AI processing continues to capture interest, with each offering distinct advantages and challenges. Dive into our analysis to understand the key takeaways.
Non-developer finds managed OpenClaw setup via MaxClaw on MiniMax Agent platform
A freelance marketing consultant with no coding background successfully deployed an AI agent using MaxClaw on the MiniMax Agent platform, avoiding Docker and API key management. The agent handles daily competitor monitoring, drafts social copy, and summarizes articles.