Quo
PassAudited by ClawScan on May 1, 2026.
Overview
The skill is a coherent Quo/OpenPhone business phone API integration, but it uses a Maton API key and OAuth-backed access to sensitive phone data and write-capable messaging features.
This skill appears purpose-aligned for managing a business phone system. Install it only if you trust Maton with access to your Quo/OpenPhone data, keep the MATON_API_KEY secure, and require clear confirmation before any message-sending, contact changes, or connection changes.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using this skill with the key can access the connected business phone account according to the granted OAuth permissions.
The skill requires a bearer API key that authorizes access to the user's managed Quo/OpenPhone connection.
All requests require the Maton API key in the Authorization header... Authorization: Bearer $MATON_API_KEY
Use a dedicated Maton API key if possible, store it securely, and revoke it if the skill is no longer needed.
An approved write operation could send messages from the user's business phone number or otherwise change phone-system state.
The documented API can send outbound SMS messages, which is a business-impacting write action.
Send Text Message... POST /quo/v1/messages... "content": "Hello, world!", "from": "PN123abc", "to": ["+15555555555"]
Before approving any write action, verify the connection, sender number, recipient, message body, and intended business effect.
Sensitive phone-system data such as messages, contacts, call recordings, and transcripts may pass through Maton's proxy as part of normal operation.
The integration routes Quo/OpenPhone API requests through Maton's managed OAuth proxy, creating an external provider data boundary.
Maton proxies requests to `api.openphone.com` and automatically injects your OAuth token.
Confirm that Maton is an approved provider for your organization before connecting a production business phone account.