End-to-end cloud security and compliance from inside Claude Code, powered by the Prowler MCP server. The plugin lets Claude walk a Prowler Cloud-connected account through a compliance assessment and remediate findings until the chosen security or industry framework is compliant.
Preview: this plugin is under active development. Please report issues on GitHub or join the Slack community for feedback.

Requirements

Claude Code

Installed and signed in. See the official install guide.

Prowler Cloud account

The free tier is enough to start. Sign up at cloud.prowler.com.

Prowler API key

Installation

Configuration

On first install, Claude Code prompts for your Prowler API key. The value is stored securely (macOS keychain or ~/.claude/.credentials.json) and used to authenticate against Prowler Cloud.
To rotate the key, uninstall and reinstall the plugin — Claude Code will prompt again.

Verify the installation

In a Claude Code session:
/mcp          → "prowler" appears as a connected server
/plugin       → "prowler" enabled, skill listed as prowler:framework-compliance-triage
If /mcp reports the prowler server as failed, the most common cause is a rejected API key — re-issue one in Prowler Cloud and reinstall the plugin so it re-prompts.

Usage

Open a conversation that mentions the framework you want to comply with. Examples:
  • “Make my AWS production account compliant with CIS 4.0.”
  • “Make my current Terraform project compliant with Prowler ThreatScore Compliance Framework based on the latest scan results.”
  • “Help me get to 100% on PCI-DSS for this GCP project.”
You pick a primary tool (Terraform, gh / az / aws CLI, web console, or mixed) and a mode:

Claude-assisted (default)

Claude shows each fix — target resource, exact commands, side effects, reversibility — and waits for your go-ahead before applying.

Claude autonomous

Claude presents a single up-front plan grouped by shared fixes, waits for one confirmation, then proceeds. It pauses mid-loop if a fix has a wide blast radius or a finding is not applicable.
Claude tracks progress in a markdown report under .prowler/ at your project root — one file per framework × account. Open it any time to see exactly where the flow is. When all findings are addressed, Claude proposes a fresh Prowler scan to verify everything end-to-end.

Uninstalling

/plugin uninstall prowler@prowler-plugins
/plugin marketplace remove prowler-plugins
The stored API key is removed automatically.

Troubleshooting

| Symptom | Likely cause | Fix |
| --- | --- | --- |
| /mcp shows prowler as failed | Rejected API key | Generate a new one in Prowler Cloud and reinstall the plugin to re-prompt. |
| Skill not invoked when expected | The skill description didn’t match the prompt | Mention the framework name plus “compliance” or “compliant” in your prompt. |
| “Framework not supported” | Prowler Hub does not list the framework for that provider | Open an issue or PR at github.com/prowler-cloud/prowler. |