An independent, evidence-based trust comparison of Cua and UFO, two Browser & Computer Use projects in the HVTracker registry. Scores come from public, checkable signals — supply-chain provenance, OSSF Scorecard, maintenance, and adoption — not popularity.
| Signal | Cuatrycua/cua | UFOmicrosoft/UFO |
|---|---|---|
| HVTrust score | 100.0 | 54.6 |
| Evidence grade | A | C |
| Overall rank | #14 | #112 |
| Rank in Browser & Computer Use | #1 | #2 |
| GitHub stars | 19.4k | 9.2k |
| Last updated | 3d ago | 8d ago |
| Build provenance | No | No |
| OSSF Scorecard | 2.9 / 10 | 5.6 / 10 |
| License | MIT | MIT |
| Downloads | 11k/wk | — |
| Trust dimensions (points earned) | ||
| Safety / integrity / 25 | 6.9 | 8.8 |
| Identity & provenance / 20 | 10.8 | 10.8 |
| Transparency / 17 | 11.0 | 13.3 |
| Maintenance / 20 | 19.8 | 16.2 |
| Adoption / 20 | 15.7 | 9.5 |
How to read this: HVTrust (0–100) weighs supply-chain signals (provenance, OSSF Scorecard, signed commits, open license) alongside real-world adoption, scaled by an evidence-confidence factor. Grade bands: A ≥ 80, B ≥ 65, C ≥ 50, D < 50. Signals refresh daily. Full methodology v4.0 →