We've been building toward a registry that gives developers everything they need to make a good decision about a skill before they install it. Quality. Impact. And now, security.
Starting today, skills in the Tessl Registry carry a Snyk security score.
What the registry already gave you
A core idea around the Tessl Registry is that agent skills deserve the same tooling discipline as any other software dependency. You wouldn't install an npm package without knowing who published it, whether it's actively maintained, or whether it does what it claims. Skills should be no different.
So we built quality scores. Every skill in the registry goes through automated review. Are the descriptions clear enough for an agent to match the skill to the right user intent? Are there concrete usage examples? Is error handling structured? A skill scoring 40% on quality isn't broken, it just won't get invoked reliably. The review identifies exactly what to fix.
We've put this into practice across the ecosystem when we ran tessl skill review on Matteo Collina's skills repo (Node.js TSC member), Brian Lovin's agent config, and many others. In every case: we run the review, identify what's holding the skill back, submit concrete fixes upstream.
We then built Impact scores. Skills get evaluated against real-world scenarios so you can see whether they actually improve agent performance in practice, not just in theory. Seeing an agent perform better with the skill vs without is what distinguishes a skill that looks good from one that works.
Quality tells you whether the skill is well-written. Impact tells you whether it improves your agent. But there was a third question we hadn't fully answered yet: is it safe to use?
Why skills need their own security model
The agent ecosystem is where open source was fifteen years ago — rapid innovation with very little security infrastructure, but agent skills introduce a new challenge: they shape autonomous behavior through natural language, meaning we need models that understand intent. What we're doing by integrating Snyk directly into the Tessl Registry is establishing those vital trust signals early. We're ensuring the agent ecosystem grows with security built in, not bolted on afterward.
Manoj Nair, Chief Innovation Officer at Snyk.
Snyk's ToxicSkills research scanned nearly 4,000 public skills and found that 36% contained prompt injection techniques. They've documented real-world attacks where three lines of markdown in a skill file were enough to instruct an agent to read SSH keys and exfiltrate them to attacker infrastructure. Standard scanners skip markdown files entirely. The exploit is in plain English.
Snyk's scanning engine, built on research from Invariant Labs, is designed specifically for this. It uses calibrated models combined with deterministic rules to analyze the behavioral intent behind a skill's instructions: prompt injection (including obfuscated and base64-encoded variants), malware payloads, credential mishandling, toxic flow patterns, and suspicious external downloads. That's what the score reflects.
Beyond the score, we’ve added a security tab in each skill so you can see the results of the security scan, including more details on the types of security issues that exist on the skill, and why it was specifically flagged. Of course, if your skill isn’t malicious, but is being flagged by the security scan, you can let us know by following the report incorrect finding link on the security tab, and our team will review.
What you will see in the registry today
Security scores on every skill page. Each skill now displays a Snyk security rating alongside quality and impact metrics. Visible before you install, not buried in a separate report.
Security scores in search and browse. You don't have to click into a skill to see the score. It's on the card. Browse by any criteria and the security signal is right there.
Under the hood: every skill submitted to the Tessl Registry is automatically sent to Snyk's Batch Skill Analysis API. The scan runs asynchronously (typically 5–15 seconds) and the result is stored with the skill.
The integration also extends across the lifecycle:
- At publish time: New skills are scanned before they're listed.
- At browse time: Security scores are visible in the registry UI.
- At install time: The Tessl CLI will warn you when a skill has known security issues. You can also install a pinned version of a skill to ensure future installations stay secure.
- At authoring time: We're building Snyk's signals into the skill authoring workflow, so detection becomes a feedback loop, not just a gate.
Security results right in your CLI
At the command line, Snyk is integrated into both the search and install commands. During the search flow, as you scroll through the skills returned, you get a full breakdown of Quality, Impact and Security scores, as you can see below. This skill has a critical security issue.
image5Furthermore, if you attempt to install a skill that has a high or critical security issue, you will see a gate with more information about the issue. You can choose to proceed with the installation, or back out and look at the issues in more depth before proceeding. This gives you insight into any issues in your skills at the point of installation on to your local machine.
image6
The installation of a skill is always pinned to a specific version. What this means is that if there is a difference between the last scanned version on the Tessl registry and the version on GitHub, you will install at the last secure commit. If you choose to run tessl update, you will bump up to the latest version, but we may not have security data on that version yet. This ensures you don’t see a green security scan, and inadvertently install a different version with a critical issue!
Three signals. One decision point.
Quality, impact, and security aren't three separate things, they're three angles on the same question: should I install this skill?
Quality without impact means a well-written skill that doesn't actually make your agent better. Impact without quality means you got lucky. Either without security means you're flying blind on risk.
The Tessl Registry now surfaces all three at the point where it matters: before you install. That's what a package manager is supposed to do.
Getting started
If you're using agent skills today:
- Browse the Tessl Registry and check the Snyk security scores on the skills you use.
- Install skills at the exact versions you see in the Snyk scans, from the registry.
- Run agent-scan locally to scan your own agent configurations, MCP servers, and installed skills.
- Read the ToxicSkills research for a deeper understanding of the threat landscape and the eight-category taxonomy we use to classify skill-level risks.
