HVTracker scores AI agents by trust, not just GitHub stars

This review analyzes HVTracker's methodology for evaluating 171 AI agents across five trust dimensions, leveraging its open dataset and source code to inform secure tool selection practices.

TL;DR

Best for: Developers and organizations prioritizing security, supply chain integrity, and verifiable trust signals when selecting AI agent frameworks for production environments. Skip if: Your primary criterion for AI agent selection is raw popularity (GitHub stars) or if you exclusively use well-established frameworks with existing internal audit processes. Bottom line: HVTracker provides a data-driven, open-source framework for evaluating AI agent trustworthiness, shifting the focus from superficial popularity metrics to concrete security and transparency indicators.

METHODOLOGY

This v0 review draws on the founder YugantM's published claims in the dev.to blog post "I Ranked 171 AI Agents by Trust — Here's What I Found About Safety and Transparency" (accessed 2026-05-27). Independent benchmarks are pending. Update cadence: re-tested when claims diverge from observed behavior or when HVTracker releases significant methodology updates. This review covers HVTracker's stated scoring methodology, the five trust dimensions, the evidence grading system, and the surprising findings presented by its creator. It also examines the public artifacts: the open dataset at hvtracker.net/data/latest.json and the source code at github.com/YugantM/hvtracker. What is not covered includes independent verification of HVTracker's own data collection accuracy, long-term workflow integration of its recommendations, or edge cases in agent scoring. Our assessment is based on the conceptual framework and the transparency of the project itself.

WHAT IT DOES

HVTracker is an open trust registry designed to provide a more robust evaluation of AI agent frameworks than traditional metrics like GitHub stars. Founder YugantM built it to address the problem that "stars measure popularity, not trustworthiness." The system scores 171 AI agents, providing a composite trust score from 0–100.

Composite trust score

Each AI agent receives a single score derived from five distinct dimensions. This score aims to offer a holistic view of an agent's reliability and security posture, moving beyond simple popularity contests. The data is refreshed automatically every four hours via staggered GitHub Actions cron jobs, completing a full cycle in 24 hours.

Five dimensions of trust

The scoring breaks down into five weighted categories. Activity (25 points) measures recent commits and release freshness. Adoption (20 points) considers GitHub stars and npm/PyPI downloads. Transparency (20 points) assesses the presence of a license, documentation, and OSSF Scorecard results. Safety (20 points) evaluates OSSF score, provenance, and signed commits. Finally, Identity (15 points) covers verification status and evidence coverage.

Evidence grading

In addition to the numerical score, HVTracker assigns an Evidence Grade (A through D). This grade reflects the number of independent signal types that could be verified. Grade A requires four or more signal types (GitHub, downloads, scorecard, provenance), while Grade D indicates verification solely from GitHub data. This system provides a confidence level for the underlying data supporting each agent's trust score.

WHAT'S INTERESTING / WHAT'S NOT

What's interesting about HVTracker is its direct challenge to the prevailing