Claudius

Methodology

Claudius ranks Claude plugins, MCP servers, skills, subagents, hooks and slash commands using public, verifiable signals. Data refreshes daily via an automated pipeline; metric numbers are pulled directly from the GitHub, npm, PyPI and OSV.dev APIs and are never hand-edited.

Default ranking

A composite score, weighted:

  • 40% — popularity (log-scaled GitHub stars)
  • 30% — trust score (below)
  • 20% — growth (log-scaled 30-day star delta)
  • 10% — recency of last commit

Every column is sortable if you prefer a single signal.

Trust score (0–100)

Starts at 50, then:

  • +20 official / first-party, +10 established community org
  • +15 commit in last 30 days · +8 within 180 days · −15 dormant >1 year
  • +8 OSI license · −5 no license
  • up to +10 social proof (stars, capped at 10k)
  • +5 repo older than a year
  • −25 per known security advisory (OSV.dev / GitHub Advisory DB, capped at −40)

Grades: A ≥ 85 · B ≥ 70 · C ≥ 55 · D ≥ 40 · F < 40. A trust score is a heuristic, not an audit — always review what you install. Extensions execute with your permissions.

Discovery & curation

New entries are discovered daily from the official MCP registry, GitHub topics, npm and community marketplaces, then reviewed by an automated curation pass that filters forks, mirrors, name-squats and non-extensions. Precision over recall: uncertain candidates are rejected. Delisted repos are flagged, never silently dropped.