We Scanned 23,794 OpenClaw Skills. Here Is What the Full Governance Scan Found

via Dev.to, honouralexwill

The strongest conclusion is simple: there is enough broken, insecure, or incomplete code in the OpenClaw corpus to justify systematic scanning before installation.

OpenClaw has a large public skill ecosystem. That creates obvious upside, but also obvious risk: most users do not inspect every skill they install, and many of those skills are written or assisted by code generation tools.

We ran the full Saturnday governance engine across the entire public OpenClaw corpus, covering security, dependency integrity, testing, code quality, and project hygiene across Python, TypeScript, JavaScript, and shell. The result is a stark picture of what happens when AI-generated or AI-assisted code is published at scale with limited review.

What is Saturnday?

Saturnday is a terminal-first, open-source governance runtime for AI coding tools. You describe the project in plain English, and Saturnday plans the build, splits it into tickets, executes each step through your existing AI coder, runs security
