Snyk and Tessl have partnered to bring security scanning to every skill in the Tessl Registry. Every public skill now carries a Snyk security score, bringing the same trust signals developers expect from package managers to the agent skills ecosystem.

Snyk's blog is a source of information and advice for developers looking to ensure the security of their software applications. From vulnerability management and secure coding practices to compliance standards and threat intelligence, it covers a wide range of topics relevant to software security. Through practical tips, case studies, and expert commentary, the blog empowers developers to identify and address security vulnerabilities in their code, helping them build and maintain secure software applications in today's threat landscape.

Snyk

Snyk and Tessl have partnered to bring automated security scanning to every skill in the Tessl Registry, a package manager for AI agent skills. Unlike traditional code scanners, this integration analyzes behavioral intent in natural language instructions, detecting prompt injection, malware payloads, toxic flow patterns, and credential mishandling. Research found 36% of skills on ClawHub contained prompt-injection techniques. Every public skill now displays a Snyk security score at browse, install, and publish time. The Tessl CLI warns developers of issues at install time, with installations pinned to exact git commit versions. The initiative draws parallels to early npm/PyPI supply chain risks and aims to establish trust signals before the ecosystem scales.

Securing the Agent Skills Registry: How Snyk and Tessl Are Setting the Standard

Why skills need their own security approach

Unifying Control for Agentic AI With Evo By Snyk