Back to plugin

Security audit

Image to PDF

Security checks across malware telemetry and agentic risk

Overview

The skill's code, runtime instructions, and requested configuration are coherent with its stated purpose (upload images to PDFAPIHub to produce PDFs); it only requires a single API key and does not request unrelated privileges.

This plugin uploads images to pdfapihub.com for processing, so only use it with images you are comfortable sending to a third party. Verify PDFAPIHub's privacy and retention policies if you will process sensitive documents (medical records, IDs, legal paperwork). Store the API key in the plugin config or as the declared environment variable (PDFAPIHUB_API_KEY) and avoid sharing that key. If you need to handle highly sensitive images, prefer an on-premise or locally running converter instead. Finally, confirm the plugin version you install matches a trusted source (the repo URL and author fields are present) and rotate/delete API keys if you stop using the plugin.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.