Trust Badges
Display your agent's trust score and trust level as a badge in your README.
What Trust Badges Show
Trust badges are dynamic shields.io-style images that display two pieces of information:
- Trust score (0-100) -- a composite measure of your agent's security posture
- Trust level (discovered, scanned, claimed, verified, certified)
The badge color reflects the score range:
| Score | Color | Meaning |
|---|---|---|
| 80-100 | Green | Strong security posture. Scans pass, publisher verified. |
| 60-79 | Yellow-green | Moderate posture. Some findings remain. |
| 40-59 | Yellow | Baseline posture. Scans run but significant findings. |
| 0-39 | Red | Minimal data. Package discovered but not yet scanned or claimed. |
Add a Badge Manually
Add the following Markdown to your README. Replace PACKAGE_NAME with your package name (URL-encoded if it contains slashes).
[](https://opena2a.org/trust/PACKAGE_NAME)
[](https://opena2a.org/trust/%40anthropic%2Fmcp-server-fetch)
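A README check for the encoding rule above, as an added example (not OpenA2A's own code): it finds trust links in README text and reports any that are not URL-encoded or that point at a different package. The function names and the sample README lines are assumptions made for illustration.

```javascript
// Added example (not OpenA2A code): lint the trust links in a README.
const TRUST_BASE = 'https://opena2a.org/trust/';

// Trust page URL for a package; scoped names (@scope/name) must be encoded.
function trustUrl(packageName) {
  return TRUST_BASE + encodeURIComponent(packageName);
}

// Return a list of problems with the trust links found in README text.
// An empty list means every link targets `packageName` in encoded form.
function checkReadme(readme, packageName) {
  const problems = [];
  const expected = trustUrl(packageName);
  const links = readme.match(/https:\/\/opena2a\.org\/trust\/[^\s)"'<>]+/g) || [];
  if (links.length === 0) problems.push('no trust link found');
  for (const link of links) {
    let decoded = null;
    try {
      decoded = decodeURIComponent(link.slice(TRUST_BASE.length));
    } catch (err) {
      problems.push(`malformed percent-encoding: ${link}`);
      continue;
    }
    if (decoded !== packageName) {
      // A badge for a different package would advertise someone else's score.
      problems.push(`links to another package: ${decoded}`);
    } else if (link !== expected) {
      // e.g. a raw "/" in a scoped name splits the URL path.
      problems.push(`not in encoded form: ${link}`);
    }
  }
  return problems;
}

// Constructed sample README lines, for illustration only.
const SAMPLE_OK = '[](https://opena2a.org/trust/%40anthropic%2Fmcp-server-fetch)';
const SAMPLE_RAW = '[](https://opena2a.org/trust/@anthropic/mcp-server-fetch)';

console.log(checkReadme(SAMPLE_OK, '@anthropic/mcp-server-fetch'));
console.log(checkReadme(SAMPLE_RAW, '@anthropic/mcp-server-fetch'));
```

Run in CI against the repository's README, a non-empty result can fail the build before a mislabelled badge is published.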
Automate with GitHub Actions
Use the opena2a-org/trust-badge-action GitHub Action to automatically update your trust badge on a weekly schedule. The action runs opena2a trust, generates the badge URL, and updates your README if the score has changed.
```yaml
name: Trust Badge
on:
  schedule:
    - cron: '0 0 * * 1' # Every Monday at midnight UTC
  workflow_dispatch: # Manual trigger
jobs:
  badge:
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20
      - uses: opena2a-org/trust-badge-action@v1
        with:
          package-name: ${{ github.event.repository.name }}
```
The action commits directly to your default branch when the badge changes. If you use branch protection, configure the action to open a PR instead by adding create-pr: true to the action inputs.
Badge Placement
Place the badge at the top of your README alongside other status badges (CI, coverage, npm version). Trust badges work in any Markdown renderer that supports image URLs: GitHub, GitLab, Bitbucket, npm package pages, and documentation sites.