Creator of Matchlock here. Mostly for performance and usability. For interacting with external APIs like GCP or GitHub that generally have huge surface area, it's much more token-efficient and easier to set up if you just give the agent gcloud and gh CLI tools and the secrets to use them (in our case fake ones), compared to wiring up a full-blown MCP server. Plus, agents tend to perform better with CLI tools since they've been heavily RL'd on them.
That doesn't add up to me at all. Agents are RLd on tool usage just as hard and you can provide an "authed API call" tool to whatever you want.
Token efficiency is a good argument actually.