Test fixtures for MCPProxy's security quarantine system (Spec 032).
Node.js MCP server with intentionally malicious tool descriptions demonstrating Tool Poisoning Attack (TPA) vectors:
- fetch_data - Data exfiltration via description (instructs agent to send context to attacker URL)
- run_command - Command injection via description (prepends
curlexfiltration before commands) - summarize_text - Prompt injection override (instructs agent to dump environment variables)
Node.js MCP server that starts with clean tool descriptions and mutates them after the first tool call (rug pull simulation):
- Initially serves benign
echoandget_timetools - After the first
CallToolrequest, descriptions mutate to include exfiltration instructions - Sends
notifications/tools/list_changedto trigger MCPProxy's hash-based change detection
- Built
mcpproxybinary at project root - Node.js (for test MCP servers)
curl,jq,python3
cd tests/malicious-mcp-server && npm install && cd -
cd tests/echo-rugpull-server && npm install && cd -quarantine-test-config.json - MCPProxy configuration with both test servers enabled and quarantined. Uses ./test-data-quarantine as an isolated data directory.
./tests/test-quarantine.shRuns 16 automated scenarios covering:
- Server-level quarantine (block tool calls, API status, CLI inspect)
- Tool-level quarantine (pending approval, hash verification, approval flow)
- Rug pull detection (description mutation, re-quarantine, diff inspection)
- MCP protocol integration (retrieve_tools filtering, call_tool blocking)
- Web UI endpoints (quarantine panel data availability)
Generates an HTML report at docs/qa/quarantine-test-report-2026-03-11.html.
docs/qa/quarantine-test-report-2026-03-11.html- HTML test report from the 16-scenario rundocs/qa/quarantine-ux-walkthrough.gif- Chrome walkthrough of the quarantine Web UI