HITL Protocol — Workflows and Human Decisions for Autonomous Agents
Verdict: Pass. Audited by ClawScan on May 1, 2026.
Overview
This is a coherent instruction-only protocol guide for routing human review decisions, with purpose-aligned cautions around external polling and bearer review links.
This skill appears safe to install as documentation for HITL workflows. Before using it in real automations, make sure review links go only to the intended human, services use safe timeout defaults, and high-impact actions still require clear user approval.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this protocol may continue an external workflow after a human decision or timeout, so unsafe defaults such as automatic approval could matter in high-impact workflows.
The guide instructs agents to make external HTTP polling requests and continue a workflow based on service-provided HITL status or defaults.
- [ ] **Poll for result** — `GET hitl.poll_url` at 30-second to 5-minute intervals ... **Handle `expired`** — execute `hitl.default_action` or inform user
Use trusted HTTPS HITL services, cap polling according to rate limits, and configure safe defaults such as reject, skip, or abort for sensitive or irreversible actions.
If a review URL is shared in the wrong channel or logged, someone else might access the review or make the decision.
The protocol intentionally uses review URLs as bearer-delegation links, so possession of a link may grant the ability to view or act on a review.
- Bearer model — URL sharing is delegation by design
Send review links only through trusted private channels, use short expirations and HTTPS, avoid logging bearer URLs, and verify webhook signatures where callbacks are used.
