Community研究与数据分析github.com

sairin1202/trustoss-cli

GitHub repository health reports in your terminal and AI agent — health scores, deep scans, fake-star audits from trustoss.org

trustoss-cli 是什么?

trustoss-cli is a Claude Code agent skill that gitHub repository health reports in your terminal and AI agent — health scores, deep scans, fake-star audits from trustoss.org.

兼容平台~Claude Code~Codex CLI~Cursor
npx skills add sairin1202/trustoss-cli

Installed? Explore more 研究与数据分析 skills: obra/superpowers, affaan-m/quarkus-verification, affaan-m/uspto-database · View all 6 →

在你喜欢的 AI 中提问

打开一个已预加载此 Agent Skill 的新对话。

文档

TrustOSS repository audit

TrustOSS analyzes public GitHub repositories and returns structured health reports. No authentication is required. Rate limit: ~30 requests/minute per IP — sequence your calls, don't parallel-blast.

Quick start

If the trustoss CLI is installed (npm install -g trustoss-cli):

trustoss analyze <owner/repo>      # 5-dimension health score
trustoss deep-scan <owner/repo>    # ok/warn/risk findings
trustoss star-audit <owner/repo>   # star curve + stargazer audience

Add --json to any command for machine-readable output.

Without the CLI, call the HTTP API directly:

curl "https://trustoss.org/api/analyze?repo=<owner>/<name>"
curl "https://trustoss.org/api/inspect?repo=<owner>/<name>"
curl "https://trustoss.org/api/stars?repo=<owner>/<name>"

Choosing the right endpoint

  • analyze — first stop. Overall 0-100 score with letter grade, broken into activity, maintenance, community, documentation, and maturity dimensions, each with per-signal details.
  • inspect (deep scan) — structural truth. Groups of findings, each with severity (ok | warn | risk), covering: code substance (tests, CI config, docs-only detection), engineering health (CI pass rate, PR merge rate), known vulnerabilities (OSV, latest release), real adoption (dependent packages via deps.dev), bus factor (commit concentration), and star growth authenticity (spike detection).
  • stars (star audit) — is the popularity real? Returns samples (cumulative star counts over time for a growth curve), plus profiles of the ~30 most recent stargazers classified as veteran / active / casual / newcomer / ghost (empty profile = bought-star signal), and a stats.verdict line with verdictSeverity (ok | warn | risk).

Interpreting results

  • Overall score ≥80 (A) strong, 60-79 (B) solid, 40-59 (C) needs scrutiny, <40 investigate before adopting.
  • Any deep-scan risk finding deserves a sentence in your report; warn findings matter in aggregate.
  • Star audit: ghostPct ≥40% or newAccountPct ≥50% among recent stargazers means the star count should not be trusted as a popularity signal. A vertical cliff in the growth curve without a matching release is a campaign fingerprint.
  • Cross-check: high stars + risk on "real adoption" (few dependents) + ghost-heavy audience = classic inflated repo.

Reporting to the user

Lead with the verdict (adopt / adopt with caveats / avoid), then the overall score, then only the findings that drove the verdict. Link the shareable report: https://trustoss.org/repo/<owner>/<name>.

相关技能