satgate
Manage your API's economic firewall from the terminal. Mint tokens, track spend, revoke agents, enforce budgets. The server-side counterpart to lnget.
Why use this skill?
Control agent spending and API access with SatGate. Mint tokens, set budget limits, and manage security policies directly from your terminal for secure agent ops.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/matt-dean-git/satgateWhat This Skill Does
SatGate acts as the economic firewall for your agent infrastructure. While other tools focus on how agents acquire resources, SatGate provides the server-side governance required to ensure that agent activity remains within budget, policy, and security boundaries. It serves as the authoritative register for API access, enabling developers to mint tokens, track granular spending, enforce strict route-based budgets, and immediately terminate access for compromised agents. By acting as the bridge between your infrastructure and the agent economy, it transforms raw API usage into an auditable, controlled, and cost-effective operation. Whether you are managing a small fleet of local agents or scaling a multi-tenant cloud deployment, SatGate provides the command-line observability needed to prevent budget overruns and unauthorized access.
Installation
To integrate SatGate into your OpenClaw environment, use the provided install command:
clawhub install openclaw/skills/skills/matt-dean-git/satgate
Once installed, ensure your environment is correctly configured. If you are using a self-hosted gateway, verify your SATGATE_GATEWAY and SATGATE_ADMIN_TOKEN environment variables are set. For cloud users, point your configuration to the SatGate Cloud surface using your unique tenant slug. Always run satgate status immediately after installation to ensure your local terminal is successfully communicating with the designated gateway. If no configuration exists, run scripts/configure.sh to generate the default ~/.satgate/config.yaml file.
Use Cases
- Enterprise Cost Management: Monitor and enforce strict monthly budgets for individual AI agents to prevent billing spikes.
- Security Incident Response: Instantly revoke access tokens for agents exhibiting anomalous behavior or when credentials are suspected of being compromised.
- Granular Access Control: Restrict specific agents to only access authorized API endpoints (e.g., limiting a research bot to specific OpenAI endpoints while blocking others).
- Delegation Management: Hierarchically manage tokens by minting child tokens under parent accounts for team-based budgeting.
- Audit Compliance: Generate JSON-formatted usage reports for leadership to review AI expenditure and request patterns.
Example Prompts
- "Hey SatGate, check the current status of our gateway and tell me if there are any urgent security threats or anomalies reported."
- "Create a new token for the 'data-processor' agent with a 200 credit budget that is restricted to the /api/openai/* routes."
- "Generate an audit report for last week's spending broken down by agent so I can identify the most expensive processes."
Tips & Limitations
- Safety First: Always utilize the
--dry-runflag when performing administrative tasks like revoking tokens or minting new ones with high budgets to ensure the changes are correct. - Revocation: Remember that revoking a token is an irreversible action. Always double-check the token ID before issuing the command.
- Health Checks: Make it a habit to run
satgate pingbefore running high-priority tasks to ensure the gateway is reachable. - Non-Interactive Usage: In CI/CD pipelines, avoid the
--yesflag unless you have a robust verification step; manual confirmation is the best way to prevent accidental changes.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-matt-dean-git-satgate": {
"enabled": true,
"auto_update": true
}
}
}Tags(AI)
Flags: network-access, external-api