Back to plugin

Security audit

Nutrient PDF Plugin for OpenClaw

Security checks across malware telemetry and agentic risk

Overview

This plugin appears to be a straightforward local PDF-to-Markdown extractor, with the expected command execution needed to run the PDF conversion tool.

Install only if you want OpenClaw agents or the OpenClaw CLI to process local PDFs through Nutrient's pdf-to-markdown tool. Be aware that the plugin runs the configured PDF conversion command, including a startup --version probe, so avoid pointing its command setting at anything you do not trust and review the separate Nutrient licensing terms for higher-volume or commercial use.

VirusTotal

61/61 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/src/nutrient-cli.js:90
Evidence
await execFile(cmd, ["--version"], { timeout: 10_000 });

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
src/nutrient-cli.ts:111
Evidence
await execFile(cmd, ["--version"], { timeout: 10_000 });