← Back to Skills

Prowler Ci

🌐Community
by prowler-cloud · vlatest · Repository

Prowler Ci automates security checks within your CI/CD pipelines, proactively identifying vulnerabilities and misconfigurations before deployment.

Install on your platform

We auto-selected Claude Code based on this skill’s supported platforms.

1

Run in terminal (recommended)

terminal
claude mcp add prowler-ci npx -- -y @trustedskills/prowler-ci
2

Or manually add to ~/.claude/settings.json

~/.claude/settings.json
{
  "mcpServers": {
    "prowler-ci": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/prowler-ci"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

Prowler Ci automates security checks within your CI/CD pipelines, specifically focusing on GitHub Actions workflows located under .github/workflows/. It helps diagnose why pull requests (PRs) fail checks related to title validation, changelog updates, conflict markers, and secret scanning. This skill allows agents to understand which workflows run for specific code changes and troubleshoot path-filtering behavior.

When to use it

  • When reading or modifying GitHub Actions workflows under .github/workflows/.
  • To explain why a pull request is failing checks (e.g., title, changelog, conflict markers, secret scanning).
  • To determine which workflows are triggered by UI, API, or SDK changes and understand the reasons behind them.
  • When diagnosing issues with path-filtering behavior in GitHub Actions workflows.

Key capabilities

  • PR Title Validation: Checks if pull request titles adhere to Conventional Commits standards.
  • Changelog Gate: Verifies that a changelog is updated or the no-changelog label is applied.
  • Conflict Marker Check: Identifies and flags conflict markers (<<<<<<<, =======, >>>>>>>) in pull requests.
  • Secret Scanning (TruffleHog): Scans for leaked secrets, including patterns like OpenAI API keys, AWS Access Keys, GitHub tokens, and Base64-encoded credentials.
  • Workflow Path Filtering: Helps understand why a workflow did or didn't run based on file changes.

Example prompts

  • "Explain why this pull request failed its checks."
  • "What workflows are triggered by changes to the UI code?"
  • "Why isn’t this workflow running for these changed files?"
  • "Analyze this TruffleHog report and identify potential false positives in test files."

Tips & gotchas

  • This skill focuses specifically on GitHub Actions workflows.
  • Be aware of common TruffleHog false positives, particularly within test files. Use obviously fake credentials (e.g., api_key = "sk-fake-test-key-for-unit-testing-only") to avoid triggering the scanner in those cases.
  • If a real secret is flagged by TruffleHog, immediately remove it from the code and rotate the credential.
View Repository →

Tags

🛡️

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

Gen Agent Trust HubPass
SocketPass
SnykPass

Details

Version
vlatest
License
Author
prowler-cloud
Installs
42
Repository (canonical source) →

🌐 Community

Passed automated security scans.