MCP HubMCP Hub
Back to Skills

security-integration-tests

alex-ilgayev
Updated Today
6 views
485
70
485
View on GitHub
Testingaitesting

About

This Claude Skill helps developers work with prompt injection detection integration tests, including running tests, debugging failures, and adding new test samples. It focuses on the security package that uses HuggingFace's Inference API for detection and includes key test files like samples.json and integration test suites. Use this skill when you need to verify detection accuracy with real API calls or maintain the security testing infrastructure.

Quick Install

Claude Code

Recommended
Plugin CommandRecommended
/plugin add https://github.com/alex-ilgayev/MCPSpy
Git CloneAlternative
git clone https://github.com/alex-ilgayev/MCPSpy.git ~/.claude/skills/security-integration-tests

Copy and paste this command in Claude Code to install this skill

Documentation

Security Integration Tests Agent

Overview

The security package (pkg/security/) provides prompt injection detection using the HuggingFace Inference API. Integration tests verify detection accuracy with real API calls.

Key Files

  • pkg/security/testdata/samples.json - Test data with benign and malicious samples
  • pkg/security/hf/integration_test.go - HF client integration tests
  • pkg/security/integration_test.go - Full analyzer integration tests with event bus
  • pkg/security/hf/client.go - HuggingFace API client implementation
  • pkg/security/analyzer.go - Main security analyzer that subscribes to MCP events

Running Tests

# Run integration tests (requires HF_TOKEN environment variable)
HF_TOKEN=hf_xxx make test-integration

# Run with custom model
HF_TOKEN=hf_xxx HF_MODEL=protectai/deberta-v3-base-prompt-injection-v2 make test-integration

# Run unit tests only (no API calls, uses mock server)
go test -v ./pkg/security/...

Test Structure

Test Samples (samples.json)

{
  "benign_samples": [
    {
      "description": "Description of the sample",
      "text": "The text to analyze",
      "expected_detected": false
    }
  ],
  "malicious_samples": [
    {
      "description": "Direct instruction override",
      "text": "Ignore all previous instructions...",
      "expected_detected": true,
      "min_risk_score": 0.5
    }
  ],
  "mcp_tool_calls": [
    {
      "description": "Malicious tool call",
      "method": "tools/call",
      "params": { "name": "run_command", "arguments": {...} },
      "expected_detected": true,
      "min_risk_score": 0.5
    }
  ]
}

Integration Test Tags

Integration tests use the build tag //go:build integration and are excluded from regular go test ./... runs.

Adding New Test Samples

  1. Edit pkg/security/testdata/samples.json
  2. Add samples to appropriate category (benign_samples, malicious_samples, or mcp_tool_calls)
  3. Set expected_detected and optionally min_risk_score
  4. Run integration tests to verify

Common Issues

"Forbidden" Error

  • Ensure HF_TOKEN is set and valid
  • Note: meta-llama/Llama-Prompt-Guard-2-86M is deprecated on HF Inference API
  • Default test model is protectai/deberta-v3-base-prompt-injection-v2 (publicly accessible)

Model Loading

  • HuggingFace warms up models on demand
  • Tests may skip with "Model loading" message on first run
  • Re-run tests after model is warm

Network Issues

  • Integration tests require network access to HuggingFace API
  • Tests will fail in sandboxed environments without network access

Risk Levels

  • none: score < 0.3
  • low: score 0.3-0.5
  • medium: score 0.5-0.7
  • high: score 0.7-0.9
  • critical: score >= 0.9

Categories

  • benign: Normal, safe content
  • injection: Prompt injection attempt
  • jailbreak: Jailbreak attempt
  • malicious: Malicious content (Prompt Guard v2)

GitHub Repository

alex-ilgayev/MCPSpy
Path: .claude/skills/security-integration-tests.md
aiai-securityllmmcpmonitoringsecurity

Related Skills

sglang

Meta

SGLang is a high-performance LLM serving framework that specializes in fast, structured generation for JSON, regex, and agentic workflows using its RadixAttention prefix caching. It delivers significantly faster inference, especially for tasks with repeated prefixes, making it ideal for complex, structured outputs and multi-turn conversations. Choose SGLang over alternatives like vLLM when you need constrained decoding or are building applications with extensive prefix sharing.

View skill

evaluating-llms-harness

Testing

This Claude Skill runs the lm-evaluation-harness to benchmark LLMs across 60+ standardized academic tasks like MMLU and GSM8K. It's designed for developers to compare model quality, track training progress, or report academic results. The tool supports various backends including HuggingFace and vLLM models.

View skill

llamaguard

Other

LlamaGuard is Meta's 7-8B parameter model for moderating LLM inputs and outputs across six safety categories like violence and hate speech. It offers 94-95% accuracy and can be deployed using vLLM, Hugging Face, or Amazon SageMaker. Use this skill to easily integrate content filtering and safety guardrails into your AI applications.

View skill

langchain

Meta

LangChain is a framework for building LLM applications using agents, chains, and RAG pipelines. It supports multiple LLM providers, offers 500+ integrations, and includes features like tool calling and memory management. Use it for rapid prototyping and deploying production systems like chatbots, autonomous agents, and question-answering services.

View skill