diff --git a/src/tools/call-omo-agent/tools.ts b/src/tools/call-omo-agent/tools.ts
index 373e27709..7de7ff310 100644
--- a/src/tools/call-omo-agent/tools.ts
+++ b/src/tools/call-omo-agent/tools.ts
@@ -163,7 +163,10 @@ async function executeSync(
       body: {
         parentID: toolContext.sessionID,
         title: `${args.description} (@${args.subagent_type} subagent)`,
-      },
+        permission: [
+          { permission: "question", action: "deny" as const, pattern: "*" },
+        ],
+      } as any,
       query: {
         directory: parentDirectory,
       },
@@ -171,6 +174,17 @@ async function executeSync(
 
     if (createResult.error) {
       log(`[call_omo_agent] Session create error:`, createResult.error)
+      const errorStr = String(createResult.error)
+      if (errorStr.toLowerCase().includes("unauthorized")) {
+        return `Error: Failed to create session (Unauthorized). This may be due to:
+1. OAuth token restrictions (e.g., Claude Code credentials are restricted to Claude Code only)
+2. Provider authentication issues
+3. Session permission inheritance problems
+
+Try using a different provider or API key authentication.
+
+Original error: ${createResult.error}`
+      }
       return `Error: Failed to create session: ${createResult.error}`
     }
 
diff --git a/src/tools/look-at/tools.ts b/src/tools/look-at/tools.ts
index 99b34268c..dea499a7f 100644
--- a/src/tools/look-at/tools.ts
+++ b/src/tools/look-at/tools.ts
@@ -102,7 +102,10 @@ If the requested information is not found, clearly state what is missing.`
         body: {
           parentID: toolContext.sessionID,
           title: `look_at: ${args.goal.substring(0, 50)}`,
-        },
+          permission: [
+            { permission: "question", action: "deny" as const, pattern: "*" },
+          ],
+        } as any,
         query: {
           directory: parentDirectory,
         },
@@ -110,6 +113,17 @@ If the requested information is not found, clearly state what is missing.`
 
       if (createResult.error) {
         log(`[look_at] Session create error:`, createResult.error)
+        const errorStr = String(createResult.error)
+        if (errorStr.toLowerCase().includes("unauthorized")) {
+          return `Error: Failed to create session (Unauthorized). This may be due to:
+1. OAuth token restrictions (e.g., Claude Code credentials are restricted to Claude Code only)
+2. Provider authentication issues
+3. Session permission inheritance problems
+
+Try using a different provider or API key authentication.
+
+Original error: ${createResult.error}`
+        }
         return `Error: Failed to create session: ${createResult.error}`
       }