I don't know if it already exists but why can't we use chainanalysis technique to see if our privacy score is good or bad.
You can. Go and pay Chainalysis, Elliptic, or some similar company large sums of money for their services. These companies aren't going to hand out their service for free when they can charge centralized exchanges huge sums of money for the ability to invade your privacy.
We can have a website or tool that performs chainanalysis on a particular bitcoin address and gives the output as a rating from 1 to 10 (bad to good) and 'may be' also list the connected addresses.
A score of 1 to 10 is completely meaningless. You need a breakdown of their conclusions and how they reached them.
The website/tool can display a message "'short message' + current time + OTP generated at that time(valid for few minutes)" - we should be signing the message with this format only
So the service in question can then link your bitcoin addresses to your IP, your browser fingerprint, and what other bitcoin addresses you look up. Not great for privacy.
Can anybody else suggest some good methods ?
As RHavar says, these simple heuristics are easy to fool if you are paying attention. Purposely send your change to a different address type from the inputs. Obscure which values are change and which are not. Use multiple change addresses. Carefully use coin control so all your outputs are of similar value. Do not reuse addresses. Use common lock times, versions, and sequences, to make your transactions less unique. Make use of coinjoins and mixers. Do all this over Tor.
By far and away the biggest risk to your privacy score is completing KYC and using centralized exchanges.