An independent, evidence-based trust comparison of NeMo Guardrails and SkillSpector, two Security & Guardrails projects in the HVTracker registry. Scores come from public, checkable signals — supply-chain provenance, OSSF Scorecard, maintenance, and adoption — not popularity.
| Signal | NeMo GuardrailsNVIDIA/NeMo-Guardrails | SkillSpectorNVIDIA/SkillSpector |
|---|---|---|
| HVTrust score | 71.2 | 65.3 |
| Evidence grade | B | B |
| Coverage grade | A | C |
| Overall rank | #93 | #138 |
| Rank in Security & Guardrails | #2 | #3 |
| GitHub stars | 6.7k | 13.2k |
| Last updated | 1d ago | 1d ago |
| Build provenance | No | No |
| OSSF Scorecard | 5.9 / 10 | 7.1 / 10 |
| License | NOASSERTION | Apache-2.0 |
| Downloads | 79k/wk | — |
| Trust dimensions (points earned) | ||
| Safety / integrity / 25 | 12.4 | 10.8 |
| Identity & provenance / 18 | 10.8 | 10.8 |
| Transparency / 17 | 13.5 | 14.5 |
| Maintenance / 20 | 19.7 | 19.9 |
| Adoption / 20 | 15.7 | 9.9 |
| Runtime capability surface (full matrix) | ||
| MCP server | — | Implemented |
| External providers | 1 — OpenAI | 3 — Amazon Bedrock, Anthropic, OpenAI |
| Requires API keys | No | Yes |
| Plugin surface | plugins | extensions |
| Provenance drift | Unknown | — |
How to read this: HVTrust (0–100) weighs supply-chain signals (provenance, OSSF Scorecard, signed commits, open license) alongside real-world adoption, scaled by an evidence-confidence factor. Grade bands: A ≥ 80, B ≥ 65, C ≥ 50, D < 50. Signals refresh daily. Full methodology v4.2 →