Quo

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: quo
Version: 1.0.3

The 'quo' skill provides a legitimate integration for the Quo (OpenPhone) business phone system via a middleware proxy at api.maton.ai. The SKILL.md file contains standard API interaction patterns, documentation for OAuth connection management, and explicit instructions for the AI agent to seek user approval before performing write operations. No indicators of data exfiltration, malicious execution, or obfuscation were found in SKILL.md or _meta.json.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone using this skill with the key can access the connected business phone account according to the granted OAuth permissions.

Why it was flagged

The skill requires a bearer API key that authorizes access to the user's managed Quo/OpenPhone connection.

Skill content

All requests require the Maton API key in the Authorization header... Authorization: Bearer $MATON_API_KEY

Recommendation

Use a dedicated Maton API key if possible, store it securely, and revoke it if the skill is no longer needed.

What this means

An approved write operation could send messages from the user's business phone number or otherwise change phone-system state.

Why it was flagged

The documented API can send outbound SMS messages, which is a business-impacting write action.

Skill content

Send Text Message... POST /quo/v1/messages... "content": "Hello, world!", "from": "PN123abc", "to": ["+15555555555"]

Recommendation

Before approving any write action, verify the connection, sender number, recipient, message body, and intended business effect.

What this means

Sensitive phone-system data such as messages, contacts, call recordings, and transcripts may pass through Maton's proxy as part of normal operation.

Why it was flagged

The integration routes Quo/OpenPhone API requests through Maton's managed OAuth proxy, creating an external provider data boundary.

Skill content

Maton proxies requests to `api.openphone.com` and automatically injects your OAuth token.

Recommendation

Confirm that Maton is an approved provider for your organization before connecting a production business phone account.