Back to skill

Security audit

Quo

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Quo/OpenPhone integration, but it should be used carefully because it can access sensitive phone records and change contacts.

Install only if you trust Maton with access to the connected Quo/OpenPhone account. Keep MATON_API_KEY out of prompts, logs, and screenshots; avoid echoing it in terminals that may be recorded. Before sending SMS, changing contacts, deleting contacts, or deleting OAuth connections, confirm the exact account, recipient or contact ID, and intended effect. Treat recordings, transcripts, voicemails, and message history as sensitive communications data and retrieve only what the user is authorized to access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
78% confidence
Finding
The skill documents endpoints for retrieving call recordings, transcripts, summaries, and voicemails, which are highly sensitive communications data, but does not pair them with any warning about privacy, legal consent, or access minimization. In a phone-system integration, omission of consent and handling guidance increases the chance an agent will retrieve or disclose sensitive content without appropriate user confirmation or lawful basis.

Missing User Warnings

Low
Confidence
73% confidence
Finding
The skill requires use of MATON_API_KEY and repeatedly demonstrates reading it from environment variables, but does not warn users not to print, share, log, or embed the credential in prompts or code snippets. That omission can lead to accidental credential disclosure, especially in interactive agent environments where outputs and logs may be retained.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
#### Delete Contact

```bash
DELETE /quo/v1/contacts/{contactId}
```

#### Get Contact Custom Fields
Confidence
81% confidence
Finding
DELETE /quo/v1/contacts/{contactId}

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.