Public repo scorecards

Skylos Judge

Deterministic public grades for security, quality, and dead code. Every scorecard is tied to a pinned commit, a scan date, and a scoring version.

No request-time scanningPinned commit snapshotsStatic score, not LLM-graded
unknown

pallets/itsdangerous

Grade
A
100
Security
100
Quality
100
Dead Code
100
main @ 672971d
Scanned Apr 2, 2026
View scorecard
python

networkx/networkx

Grade
F
0
Security
0
Quality
0
Dead Code
0
main @ 61d2098
Scanned Apr 1, 2026
View scorecard
python

psf/black

Grade
F
0
Security
0
Quality
0
Dead Code
0
main @ e079b7e
Scanned Apr 1, 2026
View scorecard

Suggest a repo for Judge

Users do not manually upload grades. They suggest a public GitHub repo, we queue it, and the Judge worker runs Skylos static first and optionally Skylos agent as a second pass.

Requested analyses
Queue model only. No public score is created until the worker runs.

How future libraries get added

Judge is not a manual upload tool. Future libraries enter through a queue: repo suggestion, review, worker execution, then immutable snapshot import.

The intended execution path is:
1. Suggest repo
2. Approve suggestion
3. Run Skylos static on a pinned commit
4. Optionally run Skylos agent
5. Import snapshots and publish the scorecard

Public grades are tied to the static snapshot. Agent output is tracked separately so it can deepen the analysis later without making the grade feel arbitrary.