An independent, evidence-weighted trust comparison of two protocols & tool integration — ranked on verifiable signals, not popularity.
This section is the production trust ranking: supply-chain integrity, provenance, maintenance, and adoption.
| Signal | A2A / Agent2Agent Protocol | CLI-Anything |
|---|---|---|
| HVTrust score | 89.4 | 70.7 |
| Evidence grade | A | B |
| Registry state | Listed | Listed |
| Safety / Integrity (25) | 21.2 | 8.9 |
| Identity / Provenance (18) | 18.0 | 18.0 |
| Transparency (17) | 14.4 | 8.5 |
| Maintenance (20) | 16.7 | 19.5 |
| Adoption (20) | 19.1 | 15.8 |
| GitHub stars | 24.1k | 42.1k |
| Weekly downloads | 2,676,378 | 3,589 |
| Last push | 2026-06-05 | 2026-06-04 |
| Language | Shell | Python |
| OSSF Scorecard | 7.0 | — |
| Review flags | — | — |
| Recent change | 2026-05-29: HVTrust up 10.2pts (75.2 → 85.4) | 2026-06-06: Rank rose 95 spots (#166 → #71) |
This section is separate from HVTrust. It compares MCP, service dependencies, tool surface, and package-source alignment as descriptive agent-profile context.
These signals help you understand how an agent is wired and what operational surface it exposes, but they do not change the production HVTrust rank.
| Surface signal | A2A / Agent2Agent Protocol | CLI-Anything |
|---|---|---|
| MCP server support | None detected No public MCP signal confidence label | None detected No public MCP signal confidence label |
| External service dependencies | None detected No clear third-party provider dependency detected | 1 detected OpenAI |
| Tool / plugin surface | Declared code | Marketplace browser, code, search, shell |
| Package provenance drift | Unknown Package source metadata is missing or inconclusive | Match Published package metadata matches the tracked repo |