← 返回 Skills 市场

Agent Escalation (Webhook)

Name: Agent Escalation (Webhook)
Author: superworldsavior

作者 Erwan Lee Pesle · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

106

总下载

当前安装

版本数

在 OpenClaw 中安装

/install agent-escalation

功能描述

Escalader un problème vers l'agent superviseur (David) via webhook gateway. Utiliser quand l'agent client est bloqué sur un problème qu'il ne peut pas résoud...

使用说明 (SKILL.md)

Escalation vers l'agent superviseur

Quand escalader

Blocage après 2-3 tentatives infructueuses
Erreur technique hors du périmètre de l'agent (config, infra, API)
Demande client qui dépasse les compétences de l'agent
Situation ambiguë nécessitant une décision humaine ou superviseur

Comment escalader

Exécuter le script scripts/escalate.sh via exec :

bash \x3CSKILL_DIR>/scripts/escalate.sh "\x3Cdescription du problème>" "\x3Cce qui a été tenté>" "\x3Crésultat obtenu>"

Paramètres

Problème (obligatoire) — description concise du blocage
Tentatives (obligatoire) — ce qui a été essayé et pourquoi ça n'a pas marché
Résultat (optionnel) — dernier message d'erreur ou état actuel

Exemple

bash \x3CSKILL_DIR>/scripts/escalate.sh \
  "Impossible de lire les mails Google du client — token expiré" \
  "Tenté refresh via Nango, erreur 401 persistante. Vérifié scopes, OK." \
  "Error: invalid_grant - Token has been expired or revoked"

Ce qui se passe

Le script appelle POST /hooks/agent sur le gateway local
Le superviseur (David) reçoit une session dédiée avec le contexte complet
David traite le problème ou escalade à Erwan si nécessaire
La réponse est délivrée sur Telegram à Erwan pour visibilité

Règles

Ne pas escalader pour des questions simples — chercher d'abord dans les skills, la doc, le web
Toujours inclure ce qui a été tenté — le superviseur ne doit pas refaire le travail
Un seul escalade par problème — ne pas spammer le webhook
Informer le client qu'on a escaladé et qu'un retour arrive sous peu

安全使用建议

This skill's behavior (posting an escalation message) is coherent with its description, but the package metadata fails to declare an important secret (HOOKS_TOKEN) and doesn't list required binaries (curl, python3). Before installing, ask the publisher to: 1) update the manifest to declare HOOKS_TOKEN as a required credential and list required binaries; 2) document what data is sent and to which endpoints; 3) confirm the default DELIVER_TO value and that it is an internal contact; 4) ensure GATEWAY_HOST is locked to a trusted internal address (avoid running with a GATEWAY_HOST you don't control). If you must run it now, provide a HOOKS_TOKEN with minimal scope, run in an environment where GATEWAY_HOST is 127.0.0.1 (or another internal gateway you control), and avoid including sensitive data in the problem text. If the publisher cannot explain or correct the omissions, treat the skill as untrusted.

功能分析

Type: OpenClaw Skill Name: agent-escalation Version: 1.0.0 The skill is designed to 'escalate' issues to a supervisor by sending task context (problems, attempts, and results) to a hardcoded Telegram recipient ID (8678077382) via a local webhook gateway. While the functionality matches the documentation in SKILL.md, hardcoding a specific external delivery target in scripts/escalate.sh is a high-risk practice that could lead to the exfiltration of sensitive session data to an unauthorized party if the bundle is used in a different context.

能力评估

ℹ Purpose & Capability

The stated purpose (escalate to a supervisor via webhook) matches the script's behavior: it POSTs a message to a hooks endpoint for a supervisor agent. That capability justifies needing a webhook token and target info. However the skill metadata declares no required environment variables or credentials while the script requires a HOOKS_TOKEN and several optional environment variables (GATEWAY_HOST, GATEWAY_PORT, SUPERVISOR_AGENT, DELIVER_CHANNEL, DELIVER_TO). This mismatch is unexpected and should be reconciled.

⚠ Instruction Scope

SKILL.md instructs the agent to run scripts/escalate.sh but does not document the required HOOKS_TOKEN or the fact that the script will read other environment variables or deliver potentially sensitive problem text to an external recipient. The script can be pointed (via env vars) to arbitrary hosts and will transmit the full message body, which may include PII or credentials if the agent includes them in the 'problem' text.

ℹ Install Mechanism

There is no install spec (instruction-only + bundled script), which is low-risk. But the script invokes external programs (curl and python3) without the manifest declaring required binaries; that creates operational surprises (failure modes) and a visibility gap for reviewers.

⚠ Credentials

The script requires HOOKS_TOKEN (mandatory) and reads other env vars that control the destination (including DELIVER_TO defaulting to a phone-like number). The manifest lists no required env or primary credential — omitting HOOKS_TOKEN is a meaningful omission. The token is sensitive and grants the ability to post messages via the gateway; it must be declared and justified. Also, because GATEWAY_HOST/GATEWAY_PORT are configurable, a malicious or misconfigured environment could redirect messages (exfiltrate data) to a remote endpoint.

✓ Persistence & Privilege

The skill is not always: true, does not request persistent system changes, and doesn't modify other skills or global configs. Autonomous invocation is allowed but is the platform default; that combination with the above env/endpoint issues increases risk but is not itself a privilege escalation.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install agent-escalation
安装完成后，直接呼叫该 Skill 的名称或使用 /agent-escalation 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial: escalation via gateway webhook /hooks/agent, réveille le superviseur même sans session active

元数据

Slug agent-escalation

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题