sairin1202/trustoss-cli

GitHub repository health reports in your terminal and AI agent — health scores, deep scans, fake-star audits from trustoss.org

¿Qué es trustoss-cli?

trustoss-cli is a Claude Code agent skill that gitHub repository health reports in your terminal and AI agent — health scores, deep scans, fake-star audits from trustoss.org.

Compatible con~Claude Code~Codex CLI~Cursor
npx skills add sairin1202/trustoss-cli

Installed? Explore more Investigación y análisis de datos skills: obra/superpowers, affaan-m/quarkus-verification, affaan-m/uspto-database · View all 6 →

Preguntar en tu IA favorita

Abre un nuevo chat con esta habilidad de agente ya precargada.

Documentación

TrustOSS repository audit

TrustOSS analyzes public GitHub repositories and returns structured health reports. No authentication is required. Rate limit: ~30 requests/minute per IP — sequence your calls, don't parallel-blast.

Quick start

If the trustoss CLI is installed (npm install -g trustoss-cli):

trustoss analyze <owner/repo>      # 5-dimension health score
trustoss deep-scan <owner/repo>    # ok/warn/risk findings
trustoss star-audit <owner/repo>   # star curve + stargazer audience

Add --json to any command for machine-readable output.

Without the CLI, call the HTTP API directly:

curl "https://trustoss.org/api/analyze?repo=<owner>/<name>"
curl "https://trustoss.org/api/inspect?repo=<owner>/<name>"
curl "https://trustoss.org/api/stars?repo=<owner>/<name>"

Choosing the right endpoint

  • analyze — first stop. Overall 0-100 score with letter grade, broken into activity, maintenance, community, documentation, and maturity dimensions, each with per-signal details.
  • inspect (deep scan) — structural truth. Groups of findings, each with severity (ok | warn | risk), covering: code substance (tests, CI config, docs-only detection), engineering health (CI pass rate, PR merge rate), known vulnerabilities (OSV, latest release), real adoption (dependent packages via deps.dev), bus factor (commit concentration), and star growth authenticity (spike detection).
  • stars (star audit) — is the popularity real? Returns samples (cumulative star counts over time for a growth curve), plus profiles of the ~30 most recent stargazers classified as veteran / active / casual / newcomer / ghost (empty profile = bought-star signal), and a stats.verdict line with verdictSeverity (ok | warn | risk).

Interpreting results

  • Overall score ≥80 (A) strong, 60-79 (B) solid, 40-59 (C) needs scrutiny, <40 investigate before adopting.
  • Any deep-scan risk finding deserves a sentence in your report; warn findings matter in aggregate.
  • Star audit: ghostPct ≥40% or newAccountPct ≥50% among recent stargazers means the star count should not be trusted as a popularity signal. A vertical cliff in the growth curve without a matching release is a campaign fingerprint.
  • Cross-check: high stars + risk on "real adoption" (few dependents) + ghost-heavy audience = classic inflated repo.

Reporting to the user

Lead with the verdict (adopt / adopt with caveats / avoid), then the overall score, then only the findings that drove the verdict. Link the shareable report: https://trustoss.org/repo/<owner>/<name>.

Skills relacionados