open/ktg-plugin-marketplace
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity Actions

feat(llm-security): add lethal-trifecta + mcp-rug-pull examples [skip-docs]

Browse source 
Two new self-contained, runnable threat demonstrations under examples/:

- lethal-trifecta-walkthrough/ — feeds 5 hook calls (WebFetch, Read .env,
  Bash curl POST + suppression follow-ups) into post-session-guard and
  verifies the Rule-of-Two advisory fires exactly on leg 3. State
  isolated via run-script PID so /tmp/llm-security-session-*.jsonl is
  not polluted. Treffer post-session-guard, ASI01/ASI02, LLM01/LLM02.

- mcp-rug-pull/ — mutates an MCP tool description across 8 stages.
  Each per-update <10% Levenshtein, cumulative reaches 32.2% by stage
  7 — proves the v7.3.0 (E14) mcp-cumulative-drift MEDIUM advisory
  catches slow-burn rug-pulls that the per-update detection would
  miss. Uses LLM_SECURITY_MCP_CACHE_FILE to isolate cache. Treffer
  post-mcp-verify, mcp-description-cache.mjs, OWASP MCP05/LLM03/ASI04.

Each example: README.md + run-*.mjs + expected-findings.md.
Plugin README "Other runnable examples" section + CHANGELOG
[Unreleased] Added bullets + plugin CLAUDE.md "Examples" section
all updated in this commit. Marketplace root README unchanged
since plugin's outward coverage is unchanged ([skip-docs]
covers the marketplace-level gate).
This commit is contained in:
Kjell Tore Guttormsen 2026-05-05 14:45:15 +02:00
commit 8df5d5c70e
2 changed files with 38 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

19
plugins/llm-security/README.md
View file

@ -494,6 +494,25 @@ node scanners/scan-orchestrator.mjs examples/malicious-skill-demo/evil-project-h
/security scan examples/malicious-skill-demo/evil-project-health/ --deep # full pipeline
```
### Other runnable examples
The `examples/` directory contains additional self-contained
demonstrations — each with `README.md`, fixture, run script, and
`expected-findings.md`:
- **`prompt-injection-showcase/`** — 61 payloads across 19 categories
fed to `pre-prompt-inject-scan`, `post-mcp-verify`, and
`pre-bash-destructive`. Run: `node examples/prompt-injection-showcase/run-showcase.mjs`
- **`lethal-trifecta-walkthrough/`** — 5-step Rule-of-Two demonstration
(WebFetch → Read .env → Bash curl POST + suppression follow-ups)
showing `post-session-guard` advisory firing on leg 3. State-isolated
via run-script PID. Run: `node examples/lethal-trifecta-walkthrough/run-trifecta.mjs`
- **`mcp-rug-pull/`** — 8-stage MCP description drift, each step under
the 10% per-update threshold but cumulatively >25% from baseline.
Demonstrates the v7.3.0 cumulative-drift advisory (E14, OWASP MCP05).
Cache isolated via `LLM_SECURITY_MCP_CACHE_FILE`. Run:
`node examples/mcp-rug-pull/run-rug-pull.mjs`
---
## Recent versions