security-integration-tests

Security Integration Tests Agent

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "security-integration-tests" with this command: npx skills add alex-ilgayev/mcpspy/alex-ilgayev-mcpspy-security-integration-tests

Security Integration Tests Agent

Overview

The security package (pkg/security/ ) provides prompt injection detection using the HuggingFace Inference API. Integration tests verify detection accuracy with real API calls.

Key Files

  • pkg/security/testdata/samples.json

  • Test data with benign and malicious samples

  • pkg/security/hf/integration_test.go

  • HF client integration tests

  • pkg/security/integration_test.go

  • Full analyzer integration tests with event bus

  • pkg/security/hf/client.go

  • HuggingFace API client implementation

  • pkg/security/analyzer.go

  • Main security analyzer that subscribes to MCP events

Running Tests

Run integration tests (requires HF_TOKEN environment variable)

HF_TOKEN=hf_xxx make test-integration

Run with custom model

HF_TOKEN=hf_xxx HF_MODEL=protectai/deberta-v3-base-prompt-injection-v2 make test-integration

Run unit tests only (no API calls, uses mock server)

go test -v ./pkg/security/...

Test Structure

Test Samples (samples.json )

{ "benign_samples": [ { "description": "Description of the sample", "text": "The text to analyze", "expected_detected": false } ], "malicious_samples": [ { "description": "Direct instruction override", "text": "Ignore all previous instructions...", "expected_detected": true, "min_risk_score": 0.5 } ], "mcp_tool_calls": [ { "description": "Malicious tool call", "method": "tools/call", "params": { "name": "run_command", "arguments": {...} }, "expected_detected": true, "min_risk_score": 0.5 } ] }

Integration Test Tags

Integration tests use the build tag //go:build integration and are excluded from regular go test ./... runs.

Adding New Test Samples

  • Edit pkg/security/testdata/samples.json

  • Add samples to appropriate category (benign_samples, malicious_samples, or mcp_tool_calls)

  • Set expected_detected and optionally min_risk_score

  • Run integration tests to verify

Common Issues

"Forbidden" Error

  • Ensure HF_TOKEN is set and valid

  • Note: meta-llama/Llama-Prompt-Guard-2-86M is deprecated on HF Inference API

  • Default test model is protectai/deberta-v3-base-prompt-injection-v2 (publicly accessible)

Model Loading

  • HuggingFace warms up models on demand

  • Tests may skip with "Model loading" message on first run

  • Re-run tests after model is warm

Network Issues

  • Integration tests require network access to HuggingFace API

  • Tests will fail in sandboxed environments without network access

Risk Levels

  • none : score < 0.3

  • low : score 0.3-0.5

  • medium : score 0.5-0.7

  • high : score 0.7-0.9

  • critical : score >= 0.9

Categories

  • benign : Normal, safe content

  • injection : Prompt injection attempt

  • jailbreak : Jailbreak attempt

  • malicious : Malicious content (Prompt Guard v2)

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

General

go-testing

No summary provided by upstream source.

Repository SourceNeeds Review
14-alex-ilgayev
General

git-commit-creator

No summary provided by upstream source.

Repository SourceNeeds Review
11-alex-ilgayev
Coding

github-issue-creator

No summary provided by upstream source.

Repository SourceNeeds Review
8-alex-ilgayev
Security

compliance-evidence-assembler

把审计所需证据整理成目录、清单和缺失项,便于后续评审。;use for compliance, evidence, audit workflows;do not use for 伪造证据, 替代正式审计结论.

Archived SourceRecently Updated
--52yuanchangxing