Uncle Matt
Pass. Audited by ClawScan on May 1, 2026.
Overview
This is a coherent instruction-only safety wrapper, but it depends on a separate broker repo/installer and delegated API secrets that users should review before setup.
Before installing, inspect the linked UNCLEMATTCLAWBOT repository and setup scripts, confirm the broker binds only to localhost, and add only narrow, low-privilege API actions. The included skill text is security-focused and disclosed, but the real authority comes from the external broker configuration you choose to run.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

The registry package alone is not enough; installing the full system means trusting code from the linked repository.
The core runtime component is outside the reviewed skill bundle, so users are relying on an external repository for the broker and installer.
This skill package does **not** include the Broker or installer scripts. You must install those from the full UNCLEMATTCLAWBOT repo
Review the linked repository and installer scripts, pin a known commit or release, and verify the repository owner before running setup.

Setup will run code on the user's machine and start broker infrastructure; this is disclosed but should not be treated as a no-code install.
The documented setup involves executing installer scripts and building/starting containers from the external repo.
macOS/Linux: `installer/setup.sh` ... Windows: `installer/setup.ps1` ... Restart broker: `docker compose up -d --build`
Inspect scripts before running them, use a least-privileged environment, and understand what Docker services are started.

Configured actions may use your API credentials through the broker, so badly scoped actions could still affect third-party accounts.
The broker is expected to handle API secrets and make authenticated upstream calls on the user's behalf, even though the agent should not see the keys.
A local Broker injects secrets and blocks unsafe network access.
Only add narrowly scoped actions, keep secrets out of agent-visible configs, and prefer limited API tokens with budgets and rate limits.

If an operator adds broad or mutating broker actions, the agent could use them through this tool.
The skill exposes a generic action-ID API gateway. The artifacts describe controls, but safety depends on each configured action remaining narrowly allowlisted.
The agent can only call `uncle_matt_action(actionId, json)` ... Each action pins: host + path ... method ... rate/budget limits
Review `ACTIONS.generated.md` and the broker config before use; require explicit user approval for actions that modify accounts, spend money, or publish data.

A local service may keep accepting configured broker requests until it is stopped or disabled.
The documented command runs the broker stack in detached mode, meaning it may continue running in the background after setup.
Restart broker: `docker compose up -d --build`
Know how to stop and update the broker, keep it bound to localhost as documented, and remove or disable actions you no longer need.
