Back to plugin

Security audit

PDF Sign

Security checks across malware telemetry and agentic risk

Overview

The skill implements PDF signing/watermarking via pdfapihub.com and is internally consistent with that purpose, but there are small configuration mismatches you should verify before installing (API key handling and registry metadata).

This plugin appears to do what it says: it sends documents to pdfapihub.com for signing/watermarking and needs a PDFAPIHub API key. Before installing: (1) Confirm how your OpenClaw gateway maps plugin config vs environment variables — the code expects config.apiKey but the SKILL.md recommends PDFAPIHUB_API_KEY, and the registry metadata incorrectly lists no required env. (2) Decide whether you're comfortable sending PDFs (possibly sensitive) to an external service (https://pdfapihub.com); read their privacy/data retention docs and test with non-sensitive documents first. (3) Provide the API key using the plugin config (or the platform’s documented env-to-plugin mapping) rather than placing other credentials here. If you want, ask me to show exactly what to put into your ~/.openclaw/openclaw.json for this plugin given your environment mapping.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.