Security audit
Image to PDF
Security checks across malware telemetry and agentic risk
Overview
The skill's code, runtime instructions, and requested configuration are coherent with its stated purpose (upload images to PDFAPIHub to produce PDFs); it only requires a single API key and does not request unrelated privileges.
This plugin uploads images to pdfapihub.com for processing, so only use it with images you are comfortable sending to a third party. Verify PDFAPIHub's privacy and retention policies if you will process sensitive documents (medical records, IDs, legal paperwork). Store the API key in the plugin config or as the declared environment variable (PDFAPIHUB_API_KEY) and avoid sharing that key. If you need to handle highly sensitive images, prefer an on-premise or locally running converter instead. Finally, confirm the plugin version you install matches a trusted source (the repo URL and author fields are present) and rotate/delete API keys if you stop using the plugin.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
