CommunityRecherche & Datenanalysegithub.com

sairin1202/trustoss-cli

GitHub repository health reports in your terminal and AI agent — health scores, deep scans, fake-star audits from trustoss.org

Was ist trustoss-cli?

trustoss-cli is a Claude Code agent skill that gitHub repository health reports in your terminal and AI agent — health scores, deep scans, fake-star audits from trustoss.org.

Funktioniert mit~Claude Code~Codex CLI~Cursor
npx skills add sairin1202/trustoss-cli

Installed? Explore more Recherche & Datenanalyse skills: obra/superpowers, affaan-m/quarkus-verification, affaan-m/uspto-database · View all 6 →

In Ihrer bevorzugten KI fragen

Öffnet einen neuen Chat, in dem dieser Agent-Skill bereits geladen ist.

Dokumentation

TrustOSS repository audit

TrustOSS analyzes public GitHub repositories and returns structured health reports. No authentication is required. Rate limit: ~30 requests/minute per IP — sequence your calls, don't parallel-blast.

Quick start

If the trustoss CLI is installed (npm install -g trustoss-cli):

trustoss analyze <owner/repo>      # 5-dimension health score
trustoss deep-scan <owner/repo>    # ok/warn/risk findings
trustoss star-audit <owner/repo>   # star curve + stargazer audience

Add --json to any command for machine-readable output.

Without the CLI, call the HTTP API directly:

curl "https://trustoss.org/api/analyze?repo=<owner>/<name>"
curl "https://trustoss.org/api/inspect?repo=<owner>/<name>"
curl "https://trustoss.org/api/stars?repo=<owner>/<name>"

Choosing the right endpoint

  • analyze — first stop. Overall 0-100 score with letter grade, broken into activity, maintenance, community, documentation, and maturity dimensions, each with per-signal details.
  • inspect (deep scan) — structural truth. Groups of findings, each with severity (ok | warn | risk), covering: code substance (tests, CI config, docs-only detection), engineering health (CI pass rate, PR merge rate), known vulnerabilities (OSV, latest release), real adoption (dependent packages via deps.dev), bus factor (commit concentration), and star growth authenticity (spike detection).
  • stars (star audit) — is the popularity real? Returns samples (cumulative star counts over time for a growth curve), plus profiles of the ~30 most recent stargazers classified as veteran / active / casual / newcomer / ghost (empty profile = bought-star signal), and a stats.verdict line with verdictSeverity (ok | warn | risk).

Interpreting results

  • Overall score ≥80 (A) strong, 60-79 (B) solid, 40-59 (C) needs scrutiny, <40 investigate before adopting.
  • Any deep-scan risk finding deserves a sentence in your report; warn findings matter in aggregate.
  • Star audit: ghostPct ≥40% or newAccountPct ≥50% among recent stargazers means the star count should not be trusted as a popularity signal. A vertical cliff in the growth curve without a matching release is a campaign fingerprint.
  • Cross-check: high stars + risk on "real adoption" (few dependents) + ghost-heavy audience = classic inflated repo.

Reporting to the user

Lead with the verdict (adopt / adopt with caveats / avoid), then the overall score, then only the findings that drove the verdict. Link the shareable report: https://trustoss.org/repo/<owner>/<name>.

Verwandte Skills