prowler-compliance
Creates and manages Prowler compliance frameworks. Trigger: When working with compliance frameworks (CIS, NIST, PCI-DSS, SOC2, GDPR, ISO27001, ENS, MITRE ATT&CK).
Install
mkdir -p .claude/skills/prowler-compliance && curl -L -o skill.zip "https://mcp.directory/api/skills/download/6537" && unzip -o skill.zip -d .claude/skills/prowler-compliance && rm skill.zipInstalls to .claude/skills/prowler-compliance
About this skill
When to Use
Use this skill when:
- Creating a new compliance framework for any provider
- Adding requirements to existing frameworks
- Mapping checks to compliance controls
- Understanding compliance framework structures and attributes
Compliance Framework Location
Frameworks are JSON files located in: prowler/compliance/{provider}/{framework_name}_{provider}.json
Supported Providers:
aws- Amazon Web Servicesazure- Microsoft Azuregcp- Google Cloud Platformkubernetes- Kubernetesgithub- GitHubm365- Microsoft 365alibabacloud- Alibaba Cloudcloudflare- Cloudflareoraclecloud- Oracle Cloudoci- Oracle Cloud Infrastructurenhn- NHN Cloudmongodbatlas- MongoDB Atlasiac- Infrastructure as Codellm- Large Language Models
Base Framework Structure
All compliance frameworks share this base structure:
{
"Framework": "FRAMEWORK_NAME",
"Name": "Full Framework Name with Version",
"Version": "X.X",
"Provider": "PROVIDER",
"Description": "Framework description...",
"Requirements": [
{
"Id": "requirement_id",
"Description": "Requirement description",
"Name": "Optional requirement name",
"Attributes": [...],
"Checks": ["check_name_1", "check_name_2"]
}
]
}
Framework-Specific Attribute Structures
Each framework type has its own attribute model. Below are the exact structures used by Prowler:
CIS (Center for Internet Security)
Framework ID format: cis_{version}_{provider} (e.g., cis_5.0_aws)
{
"Id": "1.1",
"Description": "Maintain current contact details",
"Checks": ["account_maintain_current_contact_details"],
"Attributes": [
{
"Section": "1 Identity and Access Management",
"SubSection": "Optional subsection",
"Profile": "Level 1",
"AssessmentStatus": "Automated",
"Description": "Detailed attribute description",
"RationaleStatement": "Why this control matters",
"ImpactStatement": "Impact of implementing this control",
"RemediationProcedure": "Steps to fix the issue",
"AuditProcedure": "Steps to verify compliance",
"AdditionalInformation": "Extra notes",
"DefaultValue": "Default configuration value",
"References": "https://docs.example.com/reference"
}
]
}
Profile values: Level 1, Level 2, E3 Level 1, E3 Level 2, E5 Level 1, E5 Level 2
AssessmentStatus values: Automated, Manual
ISO 27001
Framework ID format: iso27001_{year}_{provider} (e.g., iso27001_2022_aws)
{
"Id": "A.5.1",
"Description": "Policies for information security should be defined...",
"Name": "Policies for information security",
"Checks": ["securityhub_enabled"],
"Attributes": [
{
"Category": "A.5 Organizational controls",
"Objetive_ID": "A.5.1",
"Objetive_Name": "Policies for information security",
"Check_Summary": "Summary of what is being checked"
}
]
}
Note: Objetive_ID and Objetive_Name use this exact spelling (not "Objective").
ENS (Esquema Nacional de Seguridad - Spain)
Framework ID format: ens_rd2022_{provider} (e.g., ens_rd2022_aws)
{
"Id": "op.acc.1.aws.iam.2",
"Description": "Proveedor de identidad centralizado",
"Checks": ["iam_check_saml_providers_sts"],
"Attributes": [
{
"IdGrupoControl": "op.acc.1",
"Marco": "operacional",
"Categoria": "control de acceso",
"DescripcionControl": "Detailed control description in Spanish",
"Nivel": "alto",
"Tipo": "requisito",
"Dimensiones": ["trazabilidad", "autenticidad"],
"ModoEjecucion": "automatico",
"Dependencias": []
}
]
}
Nivel values: opcional, bajo, medio, alto
Tipo values: refuerzo, requisito, recomendacion, medida
Dimensiones values: confidencialidad, integridad, trazabilidad, autenticidad, disponibilidad
MITRE ATT&CK
Framework ID format: mitre_attack_{provider} (e.g., mitre_attack_aws)
MITRE uses a different requirement structure:
{
"Name": "Exploit Public-Facing Application",
"Id": "T1190",
"Tactics": ["Initial Access"],
"SubTechniques": [],
"Platforms": ["Containers", "IaaS", "Linux", "Network", "Windows", "macOS"],
"Description": "Adversaries may attempt to exploit a weakness...",
"TechniqueURL": "https://attack.mitre.org/techniques/T1190/",
"Checks": ["guardduty_is_enabled", "inspector2_is_enabled"],
"Attributes": [
{
"AWSService": "Amazon GuardDuty",
"Category": "Detect",
"Value": "Minimal",
"Comment": "Explanation of how this service helps..."
}
]
}
For Azure: Use AzureService instead of AWSService
For GCP: Use GCPService instead of AWSService
Category values: Detect, Protect, Respond
Value values: Minimal, Partial, Significant
NIST 800-53
Framework ID format: nist_800_53_revision_{version}_{provider} (e.g., nist_800_53_revision_5_aws)
{
"Id": "ac_2_1",
"Name": "AC-2(1) Automated System Account Management",
"Description": "Support the management of system accounts...",
"Checks": ["iam_password_policy_minimum_length_14"],
"Attributes": [
{
"ItemId": "ac_2_1",
"Section": "Access Control (AC)",
"SubSection": "Account Management (AC-2)",
"SubGroup": "AC-2(3) Disable Accounts",
"Service": "iam"
}
]
}
Generic Compliance (Fallback)
For frameworks without specific attribute models:
{
"Id": "requirement_id",
"Description": "Requirement description",
"Name": "Optional name",
"Checks": ["check_name"],
"Attributes": [
{
"ItemId": "item_id",
"Section": "Section name",
"SubSection": "Subsection name",
"SubGroup": "Subgroup name",
"Service": "service_name",
"Type": "type"
}
]
}
AWS Well-Architected Framework
Framework ID format: aws_well_architected_framework_{pillar}_pillar_aws
{
"Id": "SEC01-BP01",
"Description": "Establish common guardrails...",
"Name": "Establish common guardrails",
"Checks": ["account_part_of_organizations"],
"Attributes": [
{
"Name": "Establish common guardrails",
"WellArchitectedQuestionId": "securely-operate",
"WellArchitectedPracticeId": "sec_securely_operate_multi_accounts",
"Section": "Security",
"SubSection": "Security foundations",
"LevelOfRisk": "High",
"AssessmentMethod": "Automated",
"Description": "Detailed description",
"ImplementationGuidanceUrl": "https://docs.aws.amazon.com/..."
}
]
}
KISA ISMS-P (Korea)
Framework ID format: kisa_isms_p_{year}_{provider} (e.g., kisa_isms_p_2023_aws)
{
"Id": "1.1.1",
"Description": "Requirement description",
"Name": "Requirement name",
"Checks": ["check_name"],
"Attributes": [
{
"Domain": "1. Management System",
"Subdomain": "1.1 Management System Establishment",
"Section": "1.1.1 Section Name",
"AuditChecklist": ["Checklist item 1", "Checklist item 2"],
"RelatedRegulations": ["Regulation 1"],
"AuditEvidence": ["Evidence type 1"],
"NonComplianceCases": ["Non-compliance example"]
}
]
}
C5 (Germany Cloud Computing Compliance Criteria Catalogue)
Framework ID format: c5_{provider} (e.g., c5_aws)
{
"Id": "BCM-01",
"Description": "Requirement description",
"Name": "Requirement name",
"Checks": ["check_name"],
"Attributes": [
{
"Section": "BCM Business Continuity Management",
"SubSection": "BCM-01",
"Type": "Basic Criteria",
"AboutCriteria": "Description of criteria",
"ComplementaryCriteria": "Additional criteria"
}
]
}
CCC (Cloud Computing Compliance)
Framework ID format: ccc_{provider} (e.g., ccc_aws)
{
"Id": "CCC.C01",
"Description": "Requirement description",
"Name": "Requirement name",
"Checks": ["check_name"],
"Attributes": [
{
"FamilyName": "Cryptography & Key Management",
"FamilyDescription": "Family description",
"Section": "CCC.C01",
"SubSection": "Key Management",
"SubSectionObjective": "Objective description",
"Applicability": ["IaaS", "PaaS", "SaaS"],
"Recommendation": "Recommended action",
"SectionThreatMappings": [{"threat": "T1190"}],
"SectionGuidelineMappings": [{"guideline": "NIST"}]
}
]
}
Prowler ThreatScore
Framework ID format: prowler_threatscore_{provider} (e.g., prowler_threatscore_aws)
Prowler ThreatScore is a custom security scoring framework developed by Prowler that evaluates AWS account security based on four main pillars:
| Pillar | Description |
|---|---|
| 1. IAM | Identity and Access Management controls (authentication, authorization, credentials) |
| 2. Attack Surface | Network exposure, public resources, security group rules |
| 3. Logging and Monitoring | Audit logging, threat detection, forensic readiness |
| 4. Encryption | Data at rest and in transit encryption |
Scoring System:
- LevelOfRisk (1-5): Severity of the security issue
5= Critical (e.g., root MFA, public S3 buckets)4= High (e.g., user MFA, public EC2)3= Medium (e.g., password policies, encryption)2= Low1= Informational
- Weight: Impact multiplier for score calculation
1000= Critical controls (root security, public exposure)100= High-impact controls (user authentication, monitoring)10= Standard controls (password policies, encryption)1= Low-impact controls (best practices)
{
"Id": "1.1.1",
"Description": "Ensure MFA is enabled for the 'root' user account",
"Checks": ["iam_root_mfa_enabled"],
"Attributes": [
{
"
---
*Content truncated.*
More by prowler-cloud
View all skills by prowler-cloud →You might also like
flutter-development
aj-geddes
Build beautiful cross-platform mobile apps with Flutter and Dart. Covers widgets, state management with Provider/BLoC, navigation, API integration, and material design.
drawio-diagrams-enhanced
jgtolentino
Create professional draw.io (diagrams.net) diagrams in XML format (.drawio files) with integrated PMP/PMBOK methodologies, extensive visual asset libraries, and industry-standard professional templates. Use this skill when users ask to create flowcharts, swimlane diagrams, cross-functional flowcharts, org charts, network diagrams, UML diagrams, BPMN, project management diagrams (WBS, Gantt, PERT, RACI), risk matrices, stakeholder maps, or any other visual diagram in draw.io format. This skill includes access to custom shape libraries for icons, clipart, and professional symbols.
ui-ux-pro-max
nextlevelbuilder
"UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 8 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient."
godot
bfollington
This skill should be used when working on Godot Engine projects. It provides specialized knowledge of Godot's file formats (.gd, .tscn, .tres), architecture patterns (component-based, signal-driven, resource-based), common pitfalls, validation tools, code templates, and CLI workflows. The `godot` command is available for running the game, validating scripts, importing resources, and exporting builds. Use this skill for tasks involving Godot game development, debugging scene/resource files, implementing game systems, or creating new Godot components.
nano-banana-pro
garg-aayush
Generate and edit images using Google's Nano Banana Pro (Gemini 3 Pro Image) API. Use when the user asks to generate, create, edit, modify, change, alter, or update images. Also use when user references an existing image file and asks to modify it in any way (e.g., "modify this image", "change the background", "replace X with Y"). Supports both text-to-image generation and image-to-image editing with configurable resolution (1K default, 2K, or 4K for high resolution). DO NOT read the image file first - use this skill directly with the --input-image parameter.
fastapi-templates
wshobson
Create production-ready FastAPI projects with async patterns, dependency injection, and comprehensive error handling. Use when building new FastAPI applications or setting up backend API projects.
Related MCP Servers
Browse all servers
RoutineRoutine is workflow automation software that lets you create and manage automated approval and multi-step workflows to s
Figma ContextUnlock seamless Figma to code: streamline Figma to HTML with Framelink MCP Server for fast, accurate design-to-code work
Spec Workflow MCPStructured spec-driven development workflow for AI-assisted software development. Creates detailed specifications before
VizroVizro creates and validates data-visualization dashboards from natural language, auto-generating chart code and interact
Read Website FastExtract web content and convert to clean Markdown. Fast data extraction from web pages with caching, robots.txt support,
AugmentsAugments — real-time framework documentation for 90+ frameworks. Access instant, up-to-date guides, examples, and API re
Stay ahead of the MCP ecosystem
Get weekly updates on new skills and servers.