MCP HubMCP Hub
スキル一覧に戻る

security-integration-tests

alex-ilgayev
更新日 Today
68 閲覧
485
70
485
GitHubで表示
テストaitesting

について

このClaudeスキルは、開発者がプロンプトインジェクション検出の統合テストを扱う際に、テストの実行、失敗のデバッグ、新しいテストサンプルの追加などを支援します。HuggingFaceのInference APIを検出に使用するセキュリティパッケージに焦点を当て、samples.jsonや統合テストスイートなどの主要なテストファイルを含みます。実際のAPI呼び出しで検出精度を検証する必要がある場合や、セキュリティテストインフラを維持する際に、このスキルをご利用ください。

クイックインストール

Claude Code

推奨
プラグインコマンド推奨
/plugin add https://github.com/alex-ilgayev/MCPSpy
Git クローン代替
git clone https://github.com/alex-ilgayev/MCPSpy.git ~/.claude/skills/security-integration-tests

このコマンドをClaude Codeにコピー&ペーストしてスキルをインストールします

ドキュメント

Security Integration Tests Agent

Overview

The security package (pkg/security/) provides prompt injection detection using the HuggingFace Inference API. Integration tests verify detection accuracy with real API calls.

Key Files

  • pkg/security/testdata/samples.json - Test data with benign and malicious samples
  • pkg/security/hf/integration_test.go - HF client integration tests
  • pkg/security/integration_test.go - Full analyzer integration tests with event bus
  • pkg/security/hf/client.go - HuggingFace API client implementation
  • pkg/security/analyzer.go - Main security analyzer that subscribes to MCP events

Running Tests

# Run integration tests (requires HF_TOKEN environment variable)
HF_TOKEN=hf_xxx make test-integration

# Run with custom model
HF_TOKEN=hf_xxx HF_MODEL=protectai/deberta-v3-base-prompt-injection-v2 make test-integration

# Run unit tests only (no API calls, uses mock server)
go test -v ./pkg/security/...

Test Structure

Test Samples (samples.json)

{
  "benign_samples": [
    {
      "description": "Description of the sample",
      "text": "The text to analyze",
      "expected_detected": false
    }
  ],
  "malicious_samples": [
    {
      "description": "Direct instruction override",
      "text": "Ignore all previous instructions...",
      "expected_detected": true,
      "min_risk_score": 0.5
    }
  ],
  "mcp_tool_calls": [
    {
      "description": "Malicious tool call",
      "method": "tools/call",
      "params": { "name": "run_command", "arguments": {...} },
      "expected_detected": true,
      "min_risk_score": 0.5
    }
  ]
}

Integration Test Tags

Integration tests use the build tag //go:build integration and are excluded from regular go test ./... runs.

Adding New Test Samples

  1. Edit pkg/security/testdata/samples.json
  2. Add samples to appropriate category (benign_samples, malicious_samples, or mcp_tool_calls)
  3. Set expected_detected and optionally min_risk_score
  4. Run integration tests to verify

Common Issues

"Forbidden" Error

  • Ensure HF_TOKEN is set and valid
  • Note: meta-llama/Llama-Prompt-Guard-2-86M is deprecated on HF Inference API
  • Default test model is protectai/deberta-v3-base-prompt-injection-v2 (publicly accessible)

Model Loading

  • HuggingFace warms up models on demand
  • Tests may skip with "Model loading" message on first run
  • Re-run tests after model is warm

Network Issues

  • Integration tests require network access to HuggingFace API
  • Tests will fail in sandboxed environments without network access

Risk Levels

  • none: score < 0.3
  • low: score 0.3-0.5
  • medium: score 0.5-0.7
  • high: score 0.7-0.9
  • critical: score >= 0.9

Categories

  • benign: Normal, safe content
  • injection: Prompt injection attempt
  • jailbreak: Jailbreak attempt
  • malicious: Malicious content (Prompt Guard v2)

GitHub リポジトリ

alex-ilgayev/MCPSpy
パス: .claude/skills/security-integration-tests.md
aiai-securityllmmcpmonitoringsecurity

関連スキル

content-collections

メタ

This skill provides a production-tested setup for Content Collections, a TypeScript-first tool that transforms Markdown/MDX files into type-safe data collections with Zod validation. Use it when building blogs, documentation sites, or content-heavy Vite + React applications to ensure type safety and automatic content validation. It covers everything from Vite plugin configuration and MDX compilation to deployment optimization and schema validation.

スキルを見る

evaluating-llms-harness

テスト

This Claude Skill runs the lm-evaluation-harness to benchmark LLMs across 60+ standardized academic tasks like MMLU and GSM8K. It's designed for developers to compare model quality, track training progress, or report academic results. The tool supports various backends including HuggingFace and vLLM models.

スキルを見る

sglang

メタ

SGLang is a high-performance LLM serving framework that specializes in fast, structured generation for JSON, regex, and agentic workflows using its RadixAttention prefix caching. It delivers significantly faster inference, especially for tasks with repeated prefixes, making it ideal for complex, structured outputs and multi-turn conversations. Choose SGLang over alternatives like vLLM when you need constrained decoding or are building applications with extensive prefix sharing.

スキルを見る

cloudflare-turnstile

メタ

This skill provides comprehensive guidance for implementing Cloudflare Turnstile as a CAPTCHA-alternative bot protection system. It covers integration for forms, login pages, API endpoints, and frameworks like React/Next.js/Hono, while handling invisible challenges that maintain user experience. Use it when migrating from reCAPTCHA, debugging error codes, or implementing token validation and E2E tests.

スキルを見る