Back to plugin

Security audit

PDF to JPG

Security checks across malware telemetry and agentic risk

Overview

The skill's code, documentation, and configuration are coherent with its stated purpose: it uploads PDFs to PDFAPIHub for conversion and requires only that service's API key.

This plugin sends any PDFs you convert to PDFAPIHub's servers and requires your PDFAPIHUB_API_KEY (or apiKey in the OpenClaw config). Before installing: 1) confirm you trust pdfapihub.com for handling the sensitivity of your documents, 2) store the API key securely and avoid using broadly-scoped or shared secrets, 3) review PDFAPIHub's privacy/retention policy if you plan to convert confidential files, and 4) note the small metadata inconsistency in the registry (the plugin does require an API key despite an earlier 'none' listing). If you need purely local conversion for sensitive documents, consider a local tool instead.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.