File Upload & Share
Security checks across malware telemetry and agentic risk
Overview
The plugin's code and runtime instructions match its stated purpose (uploading files via PDFAPIHub) and request a single API key; the main issues are a minor metadata mismatch in the registry summary and the expected server-side SSRF risk, which the docs already describe.
This plugin appears to do what it says: it sends URLs to PDFAPIHub and returns shareable download links. Before installing:
1) Confirm you trust PDFAPIHub (files you point to will be fetched and stored on their servers for up to 30 days).
2) Treat PDFAPIHUB_API_KEY as a secret; configure it in ~/.openclaw/openclaw.json or via env as documented.
3) Never supply localhost, intranet, or presigned/private URLs (the plugin and docs warn this is a server-side request, which creates SSRF risk).
4) Fix the registry/installation metadata discrepancy (the top-level summary shown to you omitted the required env var); make sure your install path or registry UI will prompt for the PDFAPIHUB_API_KEY before enabling the plugin.
If you need stronger assurance, review PDFAPIHub's privacy/security docs and the plugin's network activity after installation.
SkillSpector
SkillSpector findings are pending for this release.
VirusTotal
No VirusTotal findings
