Back to plugin

Security audit

DOCX to PDF

Security checks across malware telemetry and agentic risk

Overview

The plugin's code, instructions, and required API key are coherent with its stated purpose (document conversion via PDFAPIHub); it uploads files to an external service, which is expected but is a privacy consideration to review.

This plugin appears to do exactly what it says: it uploads documents to PDFAPIHub and returns converted files. Before installing: 1) Confirm you trust PDFAPIHub (review their privacy/retention policy and security practices) because converted files are sent off‑host. 2) Store the API key securely (OpenClaw config or env) and avoid providing keys with overly broad privileges. 3) Do not upload sensitive or regulated documents until you verify data handling and deletion claims. 4) Note the small metadata mismatches in the registry (some top-level fields claim no homepage/env while plugin files do) — this is likely benign but worth checking the plugin source/repository and author identity if you need higher assurance. 5) Test with non-sensitive sample files first.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.