ClawKit Logo
ClawKitReliability Toolkit
Back to Registry
Official Verified developer tools Safety 5/5

Uncle Matt

Uncle Matt is your favorite internet uncle who stops you from doing really stupid shit while keeping secrets safe.

Why use this skill?

Secure your OpenClaw agent by decoupling secrets from logic. Use Uncle Matt to manage external API calls through a hardened, mTLS-enabled local Broker without exposing keys.

skill-install — Terminal

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/uncmatteth/uncle-matt
Or

What This Skill Does

Uncle Matt is a hardened security abstraction layer for OpenClaw agents. It acts as a safety-first gateway that decouples the agent's logic from sensitive API credentials. By utilizing the required local Broker (a separate middleware component), Uncle Matt ensures that the agent never possesses, caches, or transmits actual API keys. Instead, the agent interacts with predefined, allowlisted 'action IDs'. This architectural design effectively neutralizes the risk of secret exfiltration via prompt injection or malicious tool manipulation. If an agent is compromised or instructed to perform a task outside its predefined parameters, the Broker will drop the request, maintaining strict mTLS compliance and budget monitoring.

Installation

To integrate Uncle Matt, you must first deploy the supporting infrastructure. 1) Clone the repository at https://github.com/uncmatteth/UNCLEMATTCLAWBOT. 2) Follow the instructions in docs/INSTALL.md to configure the local Broker, which manages your mTLS keys and API secrets. 3) Once the Broker is operational, run the following command in your terminal: clawhub install openclaw/skills/skills/uncmatteth/uncle-matt. After installation, verify the Broker connection by checking the ACTIONS.generated.md file to see your available action IDs.

Use Cases

Use Uncle Matt when your agent requires interaction with third-party APIs (like CRM platforms, payment processors, or internal databases) but you cannot afford to expose your API keys to the LLM's context window. It is ideal for enterprise environments where security compliance mandates that AI agents operate within strictly defined, audited, and hardened communication channels. It also serves as a robust defense against 'jailbreak' attempts where a malicious actor might try to trick the agent into hitting an arbitrary URL to leak session tokens or exfiltrate private data.

Example Prompts

  1. "Uncle Matt, I need to look up the status of order #99283. Use the relevant action ID for our order tracking system."
  2. "Please check the latest security logs using the log_query_v1 action. Only show me events flagged with high priority."
  3. "Enable the voice pack and notify me if any of my upcoming API requests get blocked for security reasons."

Tips & Limitations

This skill is intentionally restrictive; it is meant to break things when they don't conform to security policy. Do not attempt to use uncle_matt_action for arbitrary HTTP requests. If you require a new integration, you must update the Broker configuration file. If the agent blocks your request, verify that the actionId exists in your ACTIONS.generated.md and that your local Broker is listening on the expected port. For troubleshooting common setup issues, consult the READMEFORDUMMYDOODOOHEADSSOYOUDONTFUCKUP.MD included in the source repository.

Read Full Documentation on GitHub

Metadata

Author@uncmatteth
Stars946
Views1
Updated2026-02-13
View Author Profile
AI Skill Finder

Not sure this is the right skill?

Describe what you want to build — we'll match you to the best skill from 16,000+ options.

Find the right skill
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-uncmatteth-uncle-matt": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags(AI)

#security#api-gateway#data-protection#agent-safety#middleware
Safety Score: 5/5

Flags: external-api