Agent Escalation (Webhook)
Review
Audited by ClawScan on May 10, 2026.
Overview
The escalation workflow is coherent, but it can forward issue context to a supervisor gateway with Telegram delivery to a hard-coded recipient using an undeclared bearer token.
Install this only if the local gateway, supervisor agent “david,” and Telegram recipient are intended for your environment. Configure the recipient explicitly, use a narrowly scoped HOOKS_TOKEN, and avoid sending secrets or customer-sensitive details unless the user has approved the escalation.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
When invoked, the agent will run a local command and contact the configured gateway rather than only providing advice.
The skill runs a local shell script that posts to a webhook. This is central to the escalation purpose, but it is still an agent-executed tool action users should be aware of.
RESPONSE=$(curl -s -w "\n%{http_code}" -X POST \
"http://${GATEWAY_HOST}:${GATEWAY_PORT}/hooks/agent"
Use it only for real escalation cases and consider requiring user confirmation before the agent runs the script.
A user may not realize the skill needs a privileged gateway token that can wake agents and trigger message delivery.
The script requires and uses a bearer token for gateway access, while the supplied metadata declares no required environment variables or primary credential.
HOOKS_TOKEN="${HOOKS_TOKEN:?HOOKS_TOKEN non défini}" ... -H "Authorization: Bearer ${HOOKS_TOKEN}"
Declare HOOKS_TOKEN in metadata, document its required scope, and use a least-privileged token limited to this escalation endpoint.
Problem descriptions, attempted fixes, and error details could be sent into another agent session and routed to a Telegram destination the user did not configure.
The script forwards escalation content to another agent and requests delivery over Telegram to a hard-coded default recipient, without clear per-use confirmation or data-boundary controls.
SUPERVISOR_AGENT="${SUPERVISOR_AGENT:-david}"
DELIVER_CHANNEL="${DELIVER_CHANNEL:-telegram}"
DELIVER_TO="${DELIVER_TO:-8678077382}" ... "wakeMode": "now", ... "deliver": true
Require explicit user-configured recipients, show the destination before sending, ask for approval, and redact secrets or customer-sensitive details from escalation messages.
