Back to plugin

Security audit

HTML to PDF

Security checks across malware telemetry and agentic risk

Overview

The plugin appears to do what it claims — convert HTML/URLs to PDFs via the PDFAPIHub API and only needs an API key — but there are small metadata inconsistencies and clear privacy implications you should review before use.

This plugin legitimately calls PDFAPIHub to render HTML/URLs into PDFs and requires a PDFAPIHUB_API_KEY. Before installing: (1) Confirm you trust https://pdfapihub.com and are comfortable sending HTML and public URLs to their servers. Avoid passing Authorization headers, cookies, or any internal/private URLs to the url_to_html tool because they will be transmitted. (2) Be aware of a minor metadata mismatch in the registry (it omitted the required env var) — ensure you configure the API key in your OpenClaw config or env. (3) Use a scoped/revocable API key if possible and be prepared to revoke it if you stop using the plugin.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.