Portugal

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: portugal
Version: 1.0.0

The skill is classified as suspicious due to its reliance on markdown as an attack surface for direct shell command execution. Specifically, `setup.md` contains the instruction `mkdir -p ~/portugal`, which demonstrates the agent's capability to execute arbitrary shell commands. While this particular command is benign and intended for skill setup, it highlights a significant Remote Code Execution (RCE) vulnerability in the OpenClaw platform's design. There is no evidence of intentional malicious behavior such as data exfiltration or unauthorized network requests within the provided files, and `SKILL.md` explicitly disclaims such actions.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Your travel plans or preferences may be saved locally so the assistant can reuse them in later Portugal-planning conversations.

Why it was flagged

The skill uses persistent local trip memory, which can store personal travel preferences or itinerary context for reuse.

Skill content

Memory lives in `~/portugal/`. See `memory-template.md` for structure.

Recommendation

Review or delete files in ~/portugal/ if you do not want trip details retained, and avoid storing highly sensitive personal information there.