陌讯skills聚合平台

security-integration-tests

📁 alex-ilgayev/mcpspy 📅 Jan 22, 2026
10
总安装量
9
周安装量
#30376
全站排名
安装命令
npx skills add https://github.com/alex-ilgayev/mcpspy --skill security-integration-tests

Agent 安装分布

claude-code 6
codex 6
opencode 6
windsurf 5
gemini-cli 5
cursor 4

Skill 文档

Security Integration Tests Agent

Overview

The security package (pkg/security/) provides prompt injection detection using the HuggingFace Inference API. Integration tests verify detection accuracy with real API calls.

Key Files

  • pkg/security/testdata/samples.json – Test data with benign and malicious samples
  • pkg/security/hf/integration_test.go – HF client integration tests
  • pkg/security/integration_test.go – Full analyzer integration tests with event bus
  • pkg/security/hf/client.go – HuggingFace API client implementation
  • pkg/security/analyzer.go – Main security analyzer that subscribes to MCP events

Running Tests

# Run integration tests (requires HF_TOKEN environment variable)
HF_TOKEN=hf_xxx make test-integration

# Run with custom model
HF_TOKEN=hf_xxx HF_MODEL=protectai/deberta-v3-base-prompt-injection-v2 make test-integration

# Run unit tests only (no API calls, uses mock server)
go test -v ./pkg/security/...

Test Structure

Test Samples (samples.json)

{
  "benign_samples": [
    {
      "description": "Description of the sample",
      "text": "The text to analyze",
      "expected_detected": false
    }
  ],
  "malicious_samples": [
    {
      "description": "Direct instruction override",
      "text": "Ignore all previous instructions...",
      "expected_detected": true,
      "min_risk_score": 0.5
    }
  ],
  "mcp_tool_calls": [
    {
      "description": "Malicious tool call",
      "method": "tools/call",
      "params": { "name": "run_command", "arguments": {...} },
      "expected_detected": true,
      "min_risk_score": 0.5
    }
  ]
}

Integration Test Tags

Integration tests use the build tag //go:build integration and are excluded from regular go test ./... runs.

Adding New Test Samples

  1. Edit pkg/security/testdata/samples.json
  2. Add samples to appropriate category (benign_samples, malicious_samples, or mcp_tool_calls)
  3. Set expected_detected and optionally min_risk_score
  4. Run integration tests to verify

Common Issues

“Forbidden” Error

  • Ensure HF_TOKEN is set and valid
  • Note: meta-llama/Llama-Prompt-Guard-2-86M is deprecated on HF Inference API
  • Default test model is protectai/deberta-v3-base-prompt-injection-v2 (publicly accessible)

Model Loading

  • HuggingFace warms up models on demand
  • Tests may skip with “Model loading” message on first run
  • Re-run tests after model is warm

Network Issues

  • Integration tests require network access to HuggingFace API
  • Tests will fail in sandboxed environments without network access

Risk Levels

  • none: score < 0.3
  • low: score 0.3-0.5
  • medium: score 0.5-0.7
  • high: score 0.7-0.9
  • critical: score >= 0.9

Categories

  • benign: Normal, safe content
  • injection: Prompt injection attempt
  • jailbreak: Jailbreak attempt
  • malicious: Malicious content (Prompt Guard v2)
GitHub 仓库 ↗ ← 返回陌讯 Skills 聚合平台
本页面由 陌讯 Skills 聚合平台 收录整理,数据定期更新。