AI agents rely on plugins to expand their capabilities, but these plugins often operate with little oversight. Unlike traditional software packages, which can be audited with established tools like npm audit or pip-audit, AI agent plugins introduce unique security risks. A poorly designed or malicious plugin doesn’t just expose a server—it can subtly alter an agent’s reasoning, leading to unsafe decisions or data leaks.
To address this gap, the open-source tool tessl-audit was created. It scans AI agent plugins for security flaws, quality issues, and performance impacts, delivering actionable insights in under a minute. No complex setup is required—just run a single command to assess your entire plugin ecosystem.
Why AI agent plugins demand rigorous scrutiny
AI agent plugins are essentially instructions that shape an agent’s behavior. Unlike standard software dependencies, their risks extend beyond code vulnerabilities. A plugin with a security flaw might nudge an agent toward unsafe actions, expose sensitive data, or degrade performance without leaving obvious traces in logs or metrics.
Consider these critical questions about your current plugins:
- Have all plugins undergone security scanning? If not, how can you trust their integrity?
- Can you confirm plugin quality? Low-quality plugins may provide incomplete or misleading guidance, reducing agent effectiveness.
- Do plugins actually improve outcomes? Without performance evaluations, you’re left guessing whether a plugin helps or hinders your agent’s tasks.
tessl-audit provides clarity by generating three key metrics for each installed plugin:
- Security posture – Flags vulnerabilities or risky behaviors.
- Quality score – Measures how well-structured and reliable a plugin is.
- Uplift score – Determines whether a plugin enhances task performance compared to a baseline agent.
Running an audit: A three-step process in under 60 seconds
Executing tessl-audit requires no installation beyond having the Tessl CLI and an authenticated session. If you’re already using Tessl, simply navigate to your project’s root directory and run:
npx tessl-audit
The tool scans your tessl.json manifest, fetches live data from the Tessl registry, and generates a report in approximately 30 seconds. Here’s what happens under the hood:
Step 1: Context analysis
The audit first parses your tessl.json file to identify all installed plugins. This step is fast, even for projects with dozens of dependencies. The output includes a table summarizing each plugin’s context and any immediate warnings, such as missing metadata or deprecated configurations.
Step 2: Security and quality posture summary
Next, the tool compiles a detailed security posture report, highlighting the riskiest plugins and the nature of their issues. Each flagged plugin includes:
- A security status label (Advisory, Risky, or Critical).
- A unique warning code for quick reference.
- A direct link to the full security report in the Tessl registry, where you can review the findings in depth.
This centralized view eliminates the need to manually cross-reference multiple documentation sources or chase down obscure GitHub issues.
Step 3: Actionable recommendations
For each finding, tessl-audit suggests specific next steps to address the issue. These recommendations are tailored to the type of problem detected:
- Security vulnerabilities: Review the linked report and apply patches or remove the plugin if necessary.
- Low quality scores (below 80%): Use the built-in optimizer to refine the plugin’s structure and behavior:
tessl skill review --optimize workspace/plugin-name
- Missing performance data: Generate test scenarios and evaluate the plugin’s uplift:
tessl scenario generate --count 5 workspace/plugin-name
tessl eval run workspace/plugin-name
Decoding the audit report: What each metric means
The audit’s output isn’t just a list of warnings—it’s a roadmap for improving your agent’s reliability and security. Here’s how to interpret the key findings:
Security status: From Advisory to Critical
Plugins flagged as Advisory may pose minor risks or require attention in specific use cases. Risky plugins exhibit behaviors that could lead to unintended consequences, while Critical plugins demand immediate action due to potential data exposure or system compromise. The report includes direct links to the Tessl registry, where you can examine the full security analysis, including the methodology behind each warning.
Quality scores: Measuring plugin reliability
A quality score below 80% indicates that a plugin may be poorly documented, inconsistently structured, or prone to errors. Low-quality plugins can mislead agents by providing incomplete or contradictory instructions. The Tessl optimizer tool helps refine these plugins by suggesting improvements, such as adding missing metadata or standardizing configuration formats.
Uplift scores: Does your plugin actually help?
An uplift score measures how much a plugin improves an agent’s performance compared to a baseline. A score of 0% means the plugin has no measurable impact, while negative scores suggest it’s actively degrading performance. To generate uplift data, the tool creates synthetic task scenarios based on the plugin’s intended use case and evaluates the agent’s success rate with and without the plugin.
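The follow-up rules from Step 3 and the metric definitions above can be combined into one triage function. This is an added example, not part of tessl-audit or the original article. The record shape, the plugin names, and the choice to treat uplift at or below 0% as a review item are assumptions, since the page does not show the report format tessl-audit produces.

```javascript
// Added example: triage of audit findings using the thresholds and commands
// named in the article. The record shape is an assumption, not tessl-audit's
// actual output format.
const SEVERITY = new Map([["Advisory", 1], ["Risky", 2], ["Critical", 3]]);

// Returns the follow-up actions for one plugin record.
//   security: null | "Advisory" | "Risky" | "Critical"
//   quality:  percentage 0-100
//   uplift:   percentage, or null when no evaluation has been run yet
function triagePlugin(p) {
  const actions = [];
  if (p.security !== null) {
    if (!SEVERITY.has(p.security)) {
      throw new Error(`unknown security status: ${p.security}`);
    }
    actions.push(`review the linked security report (${p.security})`);
  }
  if (p.quality < 80) {
    actions.push(`tessl skill review --optimize ${p.name}`);
  }
  if (p.uplift === null) {
    // No performance data: generate scenarios, then evaluate.
    actions.push(`tessl scenario generate --count 5 ${p.name}`);
    actions.push(`tessl eval run ${p.name}`);
  } else if (p.uplift <= 0) {
    actions.push(`reconsider plugin: uplift ${p.uplift}% is not above baseline`);
  }
  return actions;
}

// Highest severity across all plugins; a CI job could fail on "Critical".
function worstStatus(plugins) {
  let worst = null;
  for (const p of plugins) {
    if (p.security === null) continue;
    if (worst === null || SEVERITY.get(p.security) > SEVERITY.get(worst)) {
      worst = p.security;
    }
  }
  return worst;
}

// Constructed sample data (plugin names are placeholders).
const sample = [
  { name: "workspace/plugin-a", security: null, quality: 92, uplift: 14 },
  { name: "workspace/plugin-b", security: "Risky", quality: 71, uplift: null },
  { name: "workspace/plugin-c", security: "Critical", quality: 85, uplift: -6 },
];
for (const p of sample) console.log(p.name, triagePlugin(p));
console.log("worst status:", worstStatus(sample));
```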
The big picture: Auditing AI agent dependencies
As AI agents become integral to workflows, their plugin ecosystems grow increasingly complex. Just as developers audit software dependencies to prevent supply chain attacks, teams must now scrutinize AI agent plugins to avoid behavioral risks. Tools like tessl-audit represent a critical first step toward standardizing plugin security and quality.
With a single command, developers can now assess their entire plugin stack, identify vulnerabilities, and optimize performance. The risks posed by unchecked plugins are real and evolving, but practical solutions are emerging. Run tessl-audit today to ensure your agent’s skills are as secure and effective as your codebase.
AI summary
Automatically detect security vulnerabilities and quality issues in the plugins you add to your AI agents with the tessl-audit tool. How to use it, which risks it uncovers, a detailed guide.