jgamblin/openclawcves: Grade C (73/100)

jgamblin/openclawcves

/ 100

Documentation74

Engineering62

Health100

Python165MIT1d ago

Grade a repo

Good shape overall. A few tweaks would push it into the top tier.

Tracking OpenClaw CVEs

Documentation

1 checks need work

Contributing guide5pt

No CONTRIBUTING.md found (−47 pts base + up to −53 pts more for content).

→ Add a CONTRIBUTING.md telling newcomers how to get involved. Include setup, code style, test, and PR instructions.

README12pt

README is present.

Install and run instructions9pt

README documents how to install the project.

License6pt

100

Licensed under MIT.

Engineering

2 checks need work

Linting and formatting5pt

No linter or formatter config found.

→ Add a linter config such as .eslintrc.json, .prettierrc, ruff.toml, or .golangci.yml to enforce consistent code style.

Issue and PR templates6pt

No issue or PR templates found (−100 pts).

→ Add .github/ISSUE_TEMPLATE/ with bug_report.md and feature_request.md to guide contributors. It dramatically improves issue quality.

Reproducibility6pt

Lockfile present (requirements.txt). Installs are reproducible.

Tests18pt

Test files detected (tests).

CI/CD14pt

CI is configured (.github/workflows/tests.yml).

Project health

100

0 checks need work

Dependency manifest6pt

100

Dependency manifest found (requirements.txt).

Repository metadata5pt

100

Repository has a description.

Activity5pt

100

Actively maintained (pushed within the last month).

Housekeeping3pt

100

.gitignore present.

Repository health signals

Activity, community, and responsiveness at scan time

Activity

—
Commits (30d / 90d)
8
Forks
0
Releases

Community

—
Community health
—
authors own >50% of commits
165
Watchers

Responsiveness

—
Median issue response
—
Median PR merge time
1
Open issues

Repository files17 root entries

.github
Good: CI is configured (.github/workflows/tests.yml).
cve-records
templates
tests
Good: Test files detected (tests).
.gitignore
Good: .gitignore present.
ADVISORIES.md
CHANGELOG.md
cve-pipeline-status.json
cves.json
ghsa-advisories-full.json
ghsa-advisories.json
LICENSE
Good: Licensed under MIT.
README.md
Good: README is present.
Good: README is well structured with multiple sections.
Issue: No screenshots or images in the README (−20 pts).Fix: Add a GIF, screenshot, or logo image. It is the fastest way to show what your project does.
Good: README has code examples.
Good: README links to a live demo or deployed app.
Good: README includes status badges.
Good: README documents how to install the project.
Good: README documents how to run the project.
repo-only-ghsas.json
requirements.txt
Good: Lockfile present (requirements.txt). Installs are reproducible.
Good: Dependency manifest found (requirements.txt).
SECURITY.md
Good: Security policy present.
update_readme.py