Security audit
PDF to PNG
Security checks across malware telemetry and agentic risk
Overview
The plugin is internally consistent with its purpose — it converts PDFs by calling pdfapihub.com and requires an API key — but it will transmit PDF content to that external service, so only install if you trust PDFAPIHub and are comfortable sending documents off-host.
This plugin sends PDF data (URL or base64 content) to https://pdfapihub.com to perform conversions and requires a PDFAPIHub API key. Before installing: (1) Confirm you trust PDFAPIHub's privacy/security policies — do not upload sensitive documents if you cannot accept external processing. (2) Configure the API key securely (plugin config apiKey or the plugin env entry); the repository's metadata did not explicitly list required env vars, so double-check where your OpenClaw gateway expects the key. (3) Be aware converted outputs may be returned as external URLs or Base64 — review where those URLs are hosted. (4) If you need conversions to remain fully local, do not install this plugin. Otherwise, the plugin's behavior is coherent with its stated purpose.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
