Back to plugin

Security audit

PDF Merge & Split

Security checks across malware telemetry and agentic risk

Overview

The plugin's code, instructions, and requirements are consistent with a PDF processing integration that calls PDFAPIHub, but there are small metadata/configuration mismatches and the normal privacy risks of sending documents to an external API.

This plugin appears to do what it says: it calls PDFAPIHub to merge, split, inspect, and compress PDFs. Before installing, confirm you are comfortable uploading files to an external service (pdfapihub.com) and review that service's privacy/retention policy for sensitive documents. Note the repository/manifest expect you to provide one API key (apiKey or PDFAPIHUB_API_KEY) even though registry metadata omitted it — configure the key in ~/.openclaw/openclaw.json or the plugin config as documented. If you need to process confidential PDFs, consider running a local tool instead or verify PDFAPIHub's handling of uploaded files and key scope. Finally, verify the plugin's source and publisher (PDFAPIHub) match your expectations before enabling.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.