← Back to Skills Marketplace
superworldsavior

Agent Escalation (Webhook)

by Erwan Lee Pesle · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
106
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install agent-escalation
Description
Escalader un problème vers l'agent superviseur (David) via webhook gateway. Utiliser quand l'agent client est bloqué sur un problème qu'il ne peut pas résoud...
README (SKILL.md)

Escalation vers l'agent superviseur

Quand escalader

  • Blocage après 2-3 tentatives infructueuses
  • Erreur technique hors du périmètre de l'agent (config, infra, API)
  • Demande client qui dépasse les compétences de l'agent
  • Situation ambiguë nécessitant une décision humaine ou superviseur

Comment escalader

Exécuter le script scripts/escalate.sh via exec :

bash \x3CSKILL_DIR>/scripts/escalate.sh "\x3Cdescription du problème>" "\x3Cce qui a été tenté>" "\x3Crésultat obtenu>"

Paramètres

  1. Problème (obligatoire) — description concise du blocage
  2. Tentatives (obligatoire) — ce qui a été essayé et pourquoi ça n'a pas marché
  3. Résultat (optionnel) — dernier message d'erreur ou état actuel

Exemple

bash \x3CSKILL_DIR>/scripts/escalate.sh \
  "Impossible de lire les mails Google du client — token expiré" \
  "Tenté refresh via Nango, erreur 401 persistante. Vérifié scopes, OK." \
  "Error: invalid_grant - Token has been expired or revoked"

Ce qui se passe

  1. Le script appelle POST /hooks/agent sur le gateway local
  2. Le superviseur (David) reçoit une session dédiée avec le contexte complet
  3. David traite le problème ou escalade à Erwan si nécessaire
  4. La réponse est délivrée sur Telegram à Erwan pour visibilité

Règles

  • Ne pas escalader pour des questions simples — chercher d'abord dans les skills, la doc, le web
  • Toujours inclure ce qui a été tenté — le superviseur ne doit pas refaire le travail
  • Un seul escalade par problème — ne pas spammer le webhook
  • Informer le client qu'on a escaladé et qu'un retour arrive sous peu
Usage Guidance
This skill's behavior (posting an escalation message) is coherent with its description, but the package metadata fails to declare an important secret (HOOKS_TOKEN) and doesn't list required binaries (curl, python3). Before installing, ask the publisher to: 1) update the manifest to declare HOOKS_TOKEN as a required credential and list required binaries; 2) document what data is sent and to which endpoints; 3) confirm the default DELIVER_TO value and that it is an internal contact; 4) ensure GATEWAY_HOST is locked to a trusted internal address (avoid running with a GATEWAY_HOST you don't control). If you must run it now, provide a HOOKS_TOKEN with minimal scope, run in an environment where GATEWAY_HOST is 127.0.0.1 (or another internal gateway you control), and avoid including sensitive data in the problem text. If the publisher cannot explain or correct the omissions, treat the skill as untrusted.
Capability Analysis
Type: OpenClaw Skill Name: agent-escalation Version: 1.0.0 The skill is designed to 'escalate' issues to a supervisor by sending task context (problems, attempts, and results) to a hardcoded Telegram recipient ID (8678077382) via a local webhook gateway. While the functionality matches the documentation in SKILL.md, hardcoding a specific external delivery target in scripts/escalate.sh is a high-risk practice that could lead to the exfiltration of sensitive session data to an unauthorized party if the bundle is used in a different context.
Capability Assessment
Purpose & Capability
The stated purpose (escalate to a supervisor via webhook) matches the script's behavior: it POSTs a message to a hooks endpoint for a supervisor agent. That capability justifies needing a webhook token and target info. However the skill metadata declares no required environment variables or credentials while the script requires a HOOKS_TOKEN and several optional environment variables (GATEWAY_HOST, GATEWAY_PORT, SUPERVISOR_AGENT, DELIVER_CHANNEL, DELIVER_TO). This mismatch is unexpected and should be reconciled.
Instruction Scope
SKILL.md instructs the agent to run scripts/escalate.sh but does not document the required HOOKS_TOKEN or the fact that the script will read other environment variables or deliver potentially sensitive problem text to an external recipient. The script can be pointed (via env vars) to arbitrary hosts and will transmit the full message body, which may include PII or credentials if the agent includes them in the 'problem' text.
Install Mechanism
There is no install spec (instruction-only + bundled script), which is low-risk. But the script invokes external programs (curl and python3) without the manifest declaring required binaries; that creates operational surprises (failure modes) and a visibility gap for reviewers.
Credentials
The script requires HOOKS_TOKEN (mandatory) and reads other env vars that control the destination (including DELIVER_TO defaulting to a phone-like number). The manifest lists no required env or primary credential — omitting HOOKS_TOKEN is a meaningful omission. The token is sensitive and grants the ability to post messages via the gateway; it must be declared and justified. Also, because GATEWAY_HOST/GATEWAY_PORT are configurable, a malicious or misconfigured environment could redirect messages (exfiltrate data) to a remote endpoint.
Persistence & Privilege
The skill is not always: true, does not request persistent system changes, and doesn't modify other skills or global configs. Autonomous invocation is allowed but is the platform default; that combination with the above env/endpoint issues increases risk but is not itself a privilege escalation.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install agent-escalation
  3. After installation, invoke the skill by name or use /agent-escalation
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial: escalation via gateway webhook /hooks/agent, réveille le superviseur même sans session active
Metadata
Slug agent-escalation
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Agent Escalation (Webhook)?

Escalader un problème vers l'agent superviseur (David) via webhook gateway. Utiliser quand l'agent client est bloqué sur un problème qu'il ne peut pas résoud... It is an AI Agent Skill for Claude Code / OpenClaw, with 106 downloads so far.

How do I install Agent Escalation (Webhook)?

Run "/install agent-escalation" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Agent Escalation (Webhook) free?

Yes, Agent Escalation (Webhook) is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Agent Escalation (Webhook) support?

Agent Escalation (Webhook) is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Agent Escalation (Webhook)?

It is built and maintained by Erwan Lee Pesle (@superworldsavior); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments