Back to plugin

Security audit

JPG to PDF

Security checks across malware telemetry and agentic risk

Overview

This plugin's code, runtime instructions, and requested configuration are consistent with its stated purpose: converting and compressing images via PDFAPIHub and it only requires the PDFAPIHUB_API_KEY credential.

This skill appears coherent, but before installing: 1) Understand that images (URLs or base64 data) and the API key are sent to PDFAPIHub's servers — do not send sensitive personal or confidential images unless you trust their service and privacy policy. SKILL.md claims files are auto-deleted after 30 days; verify that policy on pdfapihub.com. 2) The API key will be stored in your OpenClaw config (~/.openclaw/openclaw.json) in plaintext; consider whether that storage meets your security requirements. 3) Confirm the plugin source (the GitHub repo) and the publisher identity if you require stronger provenance. 4) If you need guarantees about retention, access logs, or geographic hosting of processed files, review PDFAPIHub's documentation and terms before use.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.