Security audit
DOCX to PDF
Security checks across malware telemetry and agentic risk
Overview
The plugin's code, instructions, and required API key are coherent with its stated purpose (document conversion via PDFAPIHub); it uploads files to an external service, which is expected but is a privacy consideration to review.
This plugin appears to do exactly what it says: it uploads documents to PDFAPIHub and returns converted files. Before installing: 1) Confirm you trust PDFAPIHub (review their privacy/retention policy and security practices) because converted files are sent off‑host. 2) Store the API key securely (OpenClaw config or env) and avoid providing keys with overly broad privileges. 3) Do not upload sensitive or regulated documents until you verify data handling and deletion claims. 4) Note the small metadata mismatches in the registry (some top-level fields claim no homepage/env while plugin files do) — this is likely benign but worth checking the plugin source/repository and author identity if you need higher assurance. 5) Test with non-sensitive sample files first.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
