Home/MOE/Trust report

Trust and health report

MOE - trust report

Sourced, dated trust signals - maintenance label posture, repository provenance, and security scan status. Not a composite safety grade.

GraphCanon updated today · GitHub synced today

Maintenance

Recency and activity heuristics from public GitHub metadata (maintenance label, momentum); methodology: github_public_v1.

Archived8% signal

last push 1205d ago · last release 11y

Provenance

Repository identity and fork provenance (github_public_v1).

Security scan

Dependency advisory security scan when a lockfile is present. Not a full code audit.

Status
15 low
Last scan
today
Scanner
osv@v1

Findings

GHSA-6w46-j5rx-g56g
pytest@2.6.3 · requirements.txt
PYSEC-2026-1845
pytest@2.6.3 · requirements.txt
GHSA-5545-2q6w-2gh6
numpy@1.8.1 · requirements.txt
GHSA-9fq2-x9r6-wfmf
numpy@1.8.1 · requirements.txt
GHSA-f7c7-j99h-c22f
numpy@1.8.1 · requirements.txt
GHSA-fpfv-jqm9-f5jm
numpy@1.8.1 · requirements.txt
GHSA-frgw-fgh6-9g52
numpy@1.8.1 · requirements.txt
PYSEC-2017-1
numpy@1.8.1 · requirements.txt
PYSEC-2019-108
numpy@1.8.1 · requirements.txt
PYSEC-2021-856
numpy@1.8.1 · requirements.txt
PYSEC-2021-857
numpy@1.8.1 · requirements.txt
PYSEC-2023-102
scipy@0.14.0 · requirements.txt
PYSEC-2023-114
scipy@0.14.0 · requirements.txt
GHSA-rv95-4wxj-6fqq
colander@1.0b1 · requirements.txt
PYSEC-2019-167
colander@1.0b1 · requirements.txt

Method and caveats:these are sourced, dated heuristics from public GitHub data and optional dependency scans. A status like "no criticals found on 2026-07-11" is not a guarantee of safety. Read the full trust methodology · JSON report at /api/graphcanon/tools/yelparchive-moe/trust.

Common questions

Is MOE maintained?
MOE is archived on GitHub. GraphCanon treats archived repositories as dormant regardless of past activity.
Is MOE safe to use?
Last scanned today (deps profile). Status: 15 low - 15 low finding(s) in the latest scan. GraphCanon does not claim the project is safe or vulnerability-free; review findings on the trust report. GraphCanon does not certify MOE as safe - review maintenance, provenance, and scan findings on this page before adopting.
Is MOE a fork?
No. MOE is not flagged as a fork in GitHub metadata at the time of the last refresh.
Does MOE have known security vulnerabilities?
Last scanned today (deps profile). Status: 15 low - 15 low finding(s) in the latest scan. GraphCanon does not claim the project is safe or vulnerability-free; review findings on the trust report.
How often is the MOE trust report updated?
Trust signals refresh on GitHub ingest/refresh cycles and optional dependency/MCP scans. This report was computed today (methodology github_public_v1).
What does GraphCanon never claim about MOE?
We never publish a composite safety grade, pen-test endorsement, or "verified secure" label for MOE. Signals are sourced heuristics with explicit limits - see trust methodology.
How does GraphCanon assess trust for MOE?
Signals are sourced from public GitHub metadata and optional dependency/MCP manifest scans, each tagged with methodology version and computed date. GraphCanon does not publish a composite safety grade. Read trust methodology for full scope and limits.