In the spec for the firewall cf.threat_score:
This field represents a risk score, 0 indicates low risk as determined by Cloudflare. Values above 10 may represent spammers or bots, and values above 40 point to bad actors on the Internet. It is rare to see values above 60, so tune your firewall rules to challenge those above 10, and to block those above 50.
On workers you have access to cf.clientTrustScore.
Is cf.clientTrustScore similar to cf.threat_score with inverted scale?