Hello,
While trying the tool, I find that the uploading file functionality relies on using the user-provided filename extension which could be a security issue as described in CWE-646: Reliance on File Name or Extension of Externally-Supplied File.
Attacker could obfuscate the file name extension and drop malicious code on the server for the further attack.
Thanks for reading.