Dev Progress Governor
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is an instruction-only development workflow helper with no code or credentials, though users should be aware it is meant to create or append a project progress log.
This skill appears safe for normal development workflow use. Before installing, understand that it may help maintain a progress-log.md file or similar project log; keep sensitive details out of that log if the repository may be shared.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Progress-log entries may preserve details about files changed, tasks, blockers, and commit state in the project.
The skill intentionally creates persistent project summaries. This is aligned with its purpose, but those summaries may later be reused or shared with the repository.
Default log filename: `progress-log.md` ... Each progress update should append: - timestamp if available - current phase or issue - what was completed - changed files or affected areas - commit hash if known - next step - blockers or risks
Review progress-log entries before committing or sharing them, and avoid including secrets, private customer data, or sensitive internal details.