security-integration-tests
π―Skillfrom alex-ilgayev/mcpspy
|Validates security mechanisms and integration points for MCPSpy's eBPF-based MCP communication monitoring system through comprehensive test scenarios.
Installation
npx skills add https://github.com/alex-ilgayev/mcpspy --skill security-integration-testsSkill Details
Overview
# MCPSpy - MCP Monitoring with eBPF π΅οΈβ¨
[](https://github.com/alex-ilgayev/mcpspy/actions/workflows/ci.yml)
[](https://golang.org)
[](LICENSE)
ββββ ββββ ββββββββββββββ βββββββββββββββ βββ βββ βββββ βββββββββββββββββββββββββββββββββββββββββ ββββ ββββββββββββββ ββββββββββββββββββββββββ βββββββ ββββββββββββββ βββββββ βββββββββββββββ βββββ βββ βββ ββββββββββββββ βββββββββββ βββ βββ βββ ββββββββββ βββββββββββ βββ MCPSpy - Real-time monitoring for Model Context Protocol communication using eBPF
Overview
MCPSpy is a powerful command-line tool that leverages [eBPF (Extended Berkeley Packet Filter)](https://ebpf.io/) technology to monitor [Model Context Protocol (MCP)](https://modelcontextprotocol.io/) communication at the kernel level. It provides real-time visibility into JSON-RPC 2.0 messages exchanged between MCP clients and servers by hooking into low-level system calls.
The Model Context Protocol supports three transport protocols for communication:
- Stdio: Communication over standard input/output streams
- Streamable HTTP: Direct HTTP request/response communication with server-sent events
- SSE (Server-Sent Events): HTTP-based streaming communication (_Deprecated_)
MCPSpy supports monitoring of both Stdio and HTTP/HTTPS transports (including Server-Sent Events), providing comprehensive coverage of MCP communication channels.
Why MCPSpy?
The Model Context Protocol is becoming the standard for AI tool integration, but understanding what's happening under the hood can be challenging. MCPSpy addresses this by providing:
- π Security Analysis: Monitor what data is being transmitted, detect PII leakage, and audit tool executions
- π‘οΈ Prompt Injection Detection: Real-time detection of prompt injection and jailbreak attempts using ML models
- π Debugging: Troubleshoot MCP integrations by seeing the actual message flow
- π Performance Monitoring: Track message patterns and identify bottlenecks
- π Compliance: Ensure MCP communications meet regulatory requirements
- π Learning: Understand how MCP works by observing real communications
Installation
Prerequisites
- Linux kernel version 5.15 or later
- Root privileges (required for eBPF)
Download Pre-built Binary (Auto-detect OS + Arch)
Download the latest release from the [release page](https://github.com/alex-ilgayev/mcpspy/releases):
```bash
# Set platform-aware binary name
BIN="mcpspy-$(uname -s | tr '[:upper:]' '[:lower:]')-$(uname -m | sed -e 's/x86_64/amd64/' -e 's/aarch64/arm64/')"
# Download the correct binary
wget "https://github.com/alex-ilgayev/mcpspy/releases/latest/download/${BIN}"
# Make it executable and move to a directory in your PATH
chmod +x "${BIN}"
sudo mv "${BIN}" /usr/local/bin/mcpspy
```
> β Note: Currently supported platforms: linux-amd64, linux-arm64
Build from Source
#### Install Dependencies
First, install the required system dependencies:
```bash
sudo apt-get update
# Install build essentials, eBPF dependencies
sudo apt-get install -y clang clang-format llvm make libbpf-dev build-essential
# Install Python 3 and pip (for e2e tests)
sudo apt-get install -y python3 python3-pip python3-venv
# Install docker and buildx (if not already installed)
sudo apt-get install -y docker.io docker-buildx
```
#### Install Go
MCPSpy requires Go 1.24 or later. Install Go using one of these methods:
Option 1: Install from the official Go website (Recommended)
```bash
# Download and install Go 1.24.1 (adjust version as needed)
wget https://go.dev/dl/go1.24.1.linux-amd64.tar.gz
sudo rm -rf /usr/local/go
sudo tar -C /usr/local -xzf go1.24.1.linux-amd64.tar.gz