An independent, evidence-weighted trust comparison of two protocols & tool integration — ranked on verifiable signals, not popularity.
This section is the production trust ranking: supply-chain integrity, provenance, maintenance, and adoption.
| Signal | CLI-Anything | MCP Registry |
|---|---|---|
| HVTrust score | 70.7 | 65.1 |
| Evidence grade | B | B |
| Registry state | Listed | Listed |
| Safety / Integrity (25) | 8.9 | 13.2 |
| Identity / Provenance (18) | 18.0 | 10.8 |
| Transparency (17) | 8.5 | 14.1 |
| Maintenance (20) | 19.5 | 17.8 |
| Adoption (20) | 15.8 | 9.2 |
| GitHub stars | 42.1k | 6.9k |
| Weekly downloads | 3,589 | — |
| Last push | 2026-06-04 | 2026-06-05 |
| Language | Python | Go |
| OSSF Scorecard | — | 6.6 |
| Review flags | — | — |
| Recent change | 2026-06-06: Rank rose 95 spots (#166 → #71) | 2026-06-04: Rank dropped 11 spots (#84 → #95) |
This section is separate from HVTrust. It compares MCP, service dependencies, tool surface, and package-source alignment as descriptive agent-profile context.
These signals help you understand how an agent is wired and what operational surface it exposes, but they do not change the production HVTrust rank.
| Surface signal | CLI-Anything | MCP Registry |
|---|---|---|
| MCP server support | None detected No public MCP signal confidence label | Implemented Medium confidence |
| External service dependencies | 1 detected OpenAI | 1 detected Postgres · API/config markers documented |
| Tool / plugin surface | Marketplace browser, code, search, shell | Declared code |
| Package provenance drift | Match Published package metadata matches the tracked repo | Not Applicable No package source configured |