About Sigil Trust

The Problem

AI agents use tools on your behalf — installing packages, calling APIs, running code. But the tool ecosystem is growing faster than anyone can vet. Supply chain attacks, malicious packages, and abandoned projects are real threats, and they disproportionately affect people who are least equipped to spot them.

Star ratings are anonymous and gameable. README badges are self-awarded. There's no good way to answer a simple question: has anyone I should trust actually used this tool and had it work?

How Sigil Helps

Sigil works alongside your AI agent. When a tool works well — or doesn't — Sigil records a signed trust signal tied to a real cryptographic identity. Over time, these signals build up into trust scores that anyone can check before using a tool.

Unlike anonymous ratings, every signal is tied to an identity with its own history. Scores can't be gamed by creating throwaway accounts — an identity's weight grows as it builds a track record across many tools.

Get the CLI to start contributing trust signals for the tools you use.

How Trust Scores Work

When someone uses a tool, they (or their agent) can submit a trust signal recording the outcome — positive or negative. Each signal is signed by the submitter's cryptographic identity and stored on the trust service.

Scores are built from three factors:

Scores range from 0.0 to 1.0. Tools with fewer than 5 unique sources are marked provisional.

Score Thresholds

Score        Meaning
0.70+        Trusted — strong positive signal from multiple independent sources.
0.30–0.69    Mixed — some negative signals or limited source diversity.
<0.30        Low trust — predominantly negative signals.
?            Unknown — insufficient data to calculate a score.

Privacy

Sigil is designed so you can contribute trust signals without exposing personal information.

Positive and Negative Signals

Positive

Submitted when a tool works as expected. The system deduplicates: only one positive signal per identity per tool version is stored. If no version is provided, deduplication uses a 24-hour window. Agents can signal after every use without manual effort — duplicates are handled automatically.

Negative

Always stored (never deduplicated) and require confirmation before sending. They include structured information about what went wrong — parameter values are recorded as type shapes (e.g., <string>, <int>) rather than raw values.
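As an added illustration (not Sigil's own code; the page does not publish the scoring formula, so the score is taken as an input), the following Python models the storage rules in this section together with the labels from Score Thresholds: positive signals deduplicated per identity per tool version, or within a 24-hour window when no version is given; negative signals always stored, with parameter values reduced to type shapes; and a provisional marker below five unique sources. Identities are assumed to be an opaque string such as a key fingerprint, the timestamps are constructed, and treating a versioned positive as independent of an earlier unversioned one from the same identity is this example's assumption.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Any, Optional

# Values stated on the page: score bands, provisional below 5 unique sources,
# 24-hour window for unversioned positive signals.
PROVISIONAL_MIN_SOURCES = 5
DEDUP_WINDOW = timedelta(hours=24)

# Constructed base time so the sample signals are deterministic (assumption).
BASE_TIME = datetime(2024, 1, 1, tzinfo=timezone.utc)


def hours_after(hours: float) -> datetime:
    """Timestamp helper for the constructed sample signals."""
    return BASE_TIME + timedelta(hours=hours)


def classify(score: Optional[float], unique_sources: int) -> str:
    """Apply the page's score bands; mark the label provisional below 5 sources."""
    if score is None:
        return "unknown"
    if score >= 0.70:
        label = "trusted"
    elif score >= 0.30:
        label = "mixed"
    else:
        label = "low"
    if unique_sources < PROVISIONAL_MIN_SOURCES:
        label += " (provisional)"
    return label


def type_shape(value: Any) -> str:
    """Reduce a raw parameter value to its type shape so no raw data is stored."""
    if isinstance(value, bool):   # bool is a subclass of int, so test it first
        return "<bool>"
    if isinstance(value, int):
        return "<int>"
    if isinstance(value, float):
        return "<float>"
    if isinstance(value, str):
        return "<string>"
    if isinstance(value, (list, tuple)):
        return "<list>"
    if isinstance(value, dict):
        return "<object>"
    return "<" + type(value).__name__ + ">"


@dataclass
class Signal:
    identity: str                 # opaque identity id (assumed: a key fingerprint)
    tool: str                     # tool URI the signal is anchored to
    positive: bool
    when: datetime
    version: Optional[str] = None
    params: dict = field(default_factory=dict)  # negatives only; kept as type shapes


class SignalStore:
    """In-memory model of the storage rules on the page (assumed implementation)."""

    def __init__(self) -> None:
        self.signals: list[Signal] = []

    def _is_duplicate_positive(self, sig: Signal) -> bool:
        for old in self.signals:
            if not old.positive or old.identity != sig.identity or old.tool != sig.tool:
                continue
            if sig.version is not None:
                if old.version == sig.version:   # one positive per identity per version
                    return True
            elif old.version is None and abs(sig.when - old.when) < DEDUP_WINDOW:
                return True                      # unversioned: 24-hour window
        return False

    def submit(self, sig: Signal) -> bool:
        """Store a signal; return False when a positive is dropped as a duplicate."""
        if sig.positive:
            if self._is_duplicate_positive(sig):
                return False
            self.signals.append(sig)
            return True
        # Negative signals are always stored; parameter values become type shapes.
        redacted = {k: type_shape(v) for k, v in sig.params.items()}
        self.signals.append(Signal(sig.identity, sig.tool, False, sig.when, sig.version, redacted))
        return True

    def unique_sources(self, tool: str) -> int:
        """Distinct identities that have signalled on this tool (any outcome)."""
        return len({s.identity for s in self.signals if s.tool == tool})


if __name__ == "__main__":
    store = SignalStore()
    tool = "https://github.com/cli/cli"
    store.submit(Signal("id-a", tool, True, hours_after(0), "2.0.0"))
    store.submit(Signal("id-a", tool, True, hours_after(72), "2.0.0"))   # dropped as duplicate
    store.submit(Signal("id-c", tool, False, hours_after(1), "2.0.0",
                        {"token": "raw-secret", "retries": 3}))
    print(store.signals[-1].params, classify(0.85, store.unique_sources(tool)))
```

The shape reduction runs before anything is appended, so a negative signal carrying a credential or a file path in its parameters never reaches storage in raw form; the dedup check deliberately looks only at positives, so repeated negatives from one identity are kept and remain visible to whoever computes the score.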

Version Anchoring

Signals are most useful when they include a version. "3 sources across 2 versions" is a stronger indicator than "3 signals on unknown versions." Always pass --version when using the CLI.

URI Conventions

Trust signals are anchored to a tool URI. Consistency matters — signals for the same tool should converge on one URI. When in doubt, use the tool's primary source repository as the authority.

Tool type              URI pattern                              Example
GitHub project         https://github.com/{org}/{repo}          https://github.com/cli/cli
npm package            https://npmjs.com/{scope/pkg}            https://npmjs.com/@upstash/context7-mcp
Platform integration   https://{platform-domain}/{plugin}       https://claude.ai/atlassian
Marketplace plugin     https://{marketplace-domain}/{slug}      https://marketplace.visualstudio.com/some-extension
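One way to make signals converge on a single URI, added here as an example rather than Sigil's published canonicalisation rules: fold the host aliases a user is likely to paste (www.github.com, www.npmjs.com/package/...) into the forms in the table, drop anything after {org}/{repo} or the package name, and strip query strings, fragments and trailing slashes. The alias list, the case-folding of GitHub paths and the forced https scheme are this example's assumptions.

```python
from urllib.parse import urlsplit

# Aliases folded into the hosts used in the table above. This list is an
# assumption of this example, not a published Sigil rule.
HOST_ALIASES = {
    "www.github.com": "github.com",
    "www.npmjs.com": "npmjs.com",
    "registry.npmjs.org": "npmjs.com",
}


def canonical_tool_uri(raw: str) -> str:
    """Normalise a pasted tool URL to the single form signals should converge on."""
    parts = urlsplit(raw.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"expected an absolute http(s) URL, got {raw!r}")
    host = HOST_ALIASES.get(parts.hostname, parts.hostname)  # hostname is already lowercased
    segments = [s for s in parts.path.split("/") if s]

    if host == "github.com":
        if len(segments) < 2:
            raise ValueError(f"GitHub URI needs {{org}}/{{repo}}: {raw!r}")
        org, repo = segments[0].lower(), segments[1].lower()  # GitHub names are case-insensitive
        if repo.endswith(".git"):
            repo = repo[:-4]
        segments = [org, repo]            # drop /tree/..., /issues/..., /releases/...
    elif host == "npmjs.com":
        if segments and segments[0] == "package":
            segments = segments[1:]       # www.npmjs.com/package/<name> -> npmjs.com/<name>
        if not segments:
            raise ValueError(f"npm URI needs a package name: {raw!r}")
        # Scoped packages are two segments (@scope/pkg); drop /v/<version> and the like.
        segments = segments[:2] if segments[0].startswith("@") else segments[:1]
    elif not segments:
        raise ValueError(f"tool URI needs a path component: {raw!r}")

    # Query strings, fragments and trailing slashes never distinguish tools.
    return "https://" + host + "/" + "/".join(segments)


if __name__ == "__main__":
    for url in ("http://www.github.com/CLI/Cli.git/",
                "https://www.npmjs.com/package/@upstash/context7-mcp",
                "https://claude.ai/atlassian/"):
        print(url, "->", canonical_tool_uri(url))
```

Running the canonicaliser on both the check and the attest side is what keeps a tool's history in one place; if a client submits https://www.npmjs.com/package/foo while another checks https://npmjs.com/foo, the two would otherwise read as unrelated tools and the check would report Unknown.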

Get Started

Download the CLI from the download page, then:

sigil trust check https://github.com/user/repo
sigil trust attest https://github.com/user/repo --outcome=success

Embed a Badge

[![Sigil Trust](https://sigil-trust.dev/badge/https/github.com/user/repo)](https://sigil-trust.dev/tool/https/github.com/user/repo)
