Prowler MCP

by Prowler

Cloud Security Posture Management (CSPM) platform with 1000+ security checks across multiple cloud providers and 70+ compliance frameworks, exposed through MCP. Three deployment options: Prowler Cloud (recommended), local stdio, self-hosted HTTP. 13,717 stars, Apache-2.0.

★ 13,717·8 tools·Released SEP 2025·Apache-2.0

docker run --rm -i prowlercloud/prowler-mcp

“Cloud Security Posture Management (CSPM) platform with 1000+ security checks across multiple cloud providers and 70+ compliance frameworks, exposed through MCP. Three deployment options: Prowler Cloud (recommended), local stdio, self-hosted HTTP. 100 commits on the parent monorepo in the last 30 days. Tools follow a consistent prefix convention: prowler_app_ for Cloud and self-managed App, prowler_hub_ for the security knowledge base, prowler_docs_ for documentation.”
Reviewed by M. Nouriel · MAY 2026

// Connect

INSTALL THIS SERVER

Requires authenticationProwler API key for Prowler Cloud or Self-Managed App. Cloud account credentials configured per-provider via Prowler App.

{
  "mcpServers": {
    "prowler": {
      "command": "docker",
      "args": [
        "run",
        "--rm",
        "-i",
        "-e",
        "PROWLER_API_KEY",
        "prowlercloud/prowler-mcp"
      ],
      "env": {
        "PROWLER_API_KEY": "<your-prowler-api-key>"
      }
    }
  }
}

PrereqDocker image: `prowlercloud/prowler-mcp`. Set PROWLER_API_KEY for Prowler Cloud or Self-Managed App access. HTTP mode: `docker run -p 8000:8000 prowlercloud/prowler-mcp --transport http --host 0.0.0.0 --port 8000`. Source install also supported per README. Path: ~/Library/Application Support/Claude/claude_desktop_config.json (macOS).

{
  "mcpServers": {
    "prowler": {
      "command": "docker",
      "args": [
        "run",
        "--rm",
        "-i",
        "-e",
        "PROWLER_API_KEY",
        "prowlercloud/prowler-mcp"
      ],
      "env": {
        "PROWLER_API_KEY": "<your-prowler-api-key>"
      }
    }
  }
}

{
  "mcpServers": {
    "prowler": {
      "command": "docker",
      "args": [
        "run",
        "--rm",
        "-i",
        "-e",
        "PROWLER_API_KEY",
        "prowlercloud/prowler-mcp"
      ],
      "env": {
        "PROWLER_API_KEY": "<your-prowler-api-key>"
      }
    }
  }
}

{
  "mcpServers": {
    "prowler": {
      "command": "docker",
      "args": [
        "run",
        "--rm",
        "-i",
        "-e",
        "PROWLER_API_KEY",
        "prowlercloud/prowler-mcp"
      ],
      "env": {
        "PROWLER_API_KEY": "<your-prowler-api-key>"
      }
    }
  }
}

{
  "mcpServers": {
    "prowler": {
      "command": "docker",
      "args": [
        "run",
        "--rm",
        "-i",
        "-e",
        "PROWLER_API_KEY",
        "prowlercloud/prowler-mcp"
      ],
      "env": {
        "PROWLER_API_KEY": "<your-prowler-api-key>"
      }
    }
  }
}

// Tools

8 TOOLS AVAILABLE

prowler_app_list_findings

Query findings with filters across cloud environments

Read

prowler_app_trigger_scan

Run on-demand security scans

Write

prowler_app_manage_providers

Configure cloud providers (AWS, Azure, GCP, etc.)

Admin

prowler_app_manage_muting

Create and manage muting rules for findings

Write

prowler_app_get_compliance_status

View compliance posture across frameworks

Read

prowler_hub_search_checks

Browse the 1000+ security check catalog

Read

// Editorial Review

OUR ASSESSMENT

Strengths

100 commits on the parent monorepo in the last 30 days.
13,717 GitHub stars and Apache-2.0 licence.
Three deployment options: Prowler Cloud (managed), local stdio, self-hosted HTTP.
Docker image published to Docker Hub for container-native install.
Tool surface covers findings, providers, scans, resources, muting rules, compliance, security checks catalog, automated fixers, and documentation.
Clear naming convention: prowler_app_, prowler_hub_, prowler_docs_.
Multi-cloud: AWS, Azure, GCP, Kubernetes, plus other providers.
1000+ security checks and 70+ compliance frameworks indexed.

Weaknesses

Marked as a Preview Feature; tool surface and behaviour may evolve.
Prowler Cloud features require a Prowler Cloud account; self-managed Prowler App requires deployment.
Compliance reporting depends on having scans run against the relevant providers.
Tier 1 score reflects platform strength; the MCP layer itself is a recent addition to a mature parent product.

Security Notes

The MCP carries Prowler API key or session permissions through to the agent. Scope the API key to the specific cloud accounts and findings the agent should see. In Self-Managed mode, the MCP runs against your Prowler App instance; deploy the App on a network the agent host trusts. Prowler Cloud mode sends queries to Prowler hosted control plane; review the Prowler Cloud data-handling policy for compliance fit. Automated fixer scripts are read-only via the prowler_hub_ tools; running them against cloud accounts is a separate operator action.

Best For

Security teams running Prowler Cloud or self-managed Prowler App who want agents to triage findings, run on-demand scans, and pull compliance reports; compliance workflows that map findings to specific frameworks (ISO 27001, SOC 2, PCI DSS, NIST 800-53, and 65+ others); DevSecOps pipelines that want AI-assisted security check authoring against the 1000+ check catalog.

// Technical

TECHNICAL DETAILS

Language

python

Transport

stdiostreamable-http

Clients

Claude DesktopClaude CodeCursorVS CodeWindsurf

License

Apache-2.0

GitHub

prowler-cloud/prowler · ★ 13,717

npm

prowler-mcp

Last Release

prowlercloud/prowler-mcp (Docker)MAY 1, 2026

First Released

SEP 1, 2025

// Adoption

ADOPTION METRICS

// GitHub Stars

13,717

// Reading this13,717 stars on the prowler-cloud/prowler parent repo. 100 commits on the parent monorepo in the last 30 days.

// Popularity Rank

Globally · #1 in Security

// Reading thisFirst-ranked in security on platform maturity, multi-cloud coverage, and compliance framework breadth.

// How we found this server

SOURCES & VERIFICATION

We don't take any single directory's word for it. Before scoring, we cross-reference 5 public MCP sources, install the server ourselves against the clients we cover, and record when we last re-verified.

Discovered

Manual submission

First indexed MAY 1, 2026

Cross-referenced

5 directories

PulseMCP, MCP.so, Glama, Smithery, Awesome MCP Servers

Verified against

Claude Desktop, Cursor

Installed and tested across clients

Last re-checked

MAY 1, 2026

Weekly re-verification

// How other directories see it

The same server, 5 different lenses. We reconcile these signals into our editorial score, which is why our number sometimes diverges from a directory-aggregate star count.

Source	Their rating	Their star count	Their downloads	Last synced
AutomationSwitch This page	4.6editorial	13,717	—	MAY 1, 2026
PulseMCP	— unrated	unavailable	unavailable	MAY 1, 2026
MCP.so	— unrated	unavailable	unavailable	MAY 1, 2026
Glama	— unrated	unavailable	unavailable	MAY 1, 2026
Smithery	— unrated	unavailable	unavailable	MAY 1, 2026
Awesome MCP Servers	— unrated	unavailable	unavailable	MAY 1, 2026

// Counts are directory-reported; we don't adjust them. Discrepancies usually come from different snapshot times or star-caching.

// Alternatives

OTHER SECURITY MCP SERVERS

Vendor4.3

Auth0 MCP Server

Auth0

Official Auth0 MCP server connecting Claude, Cursor, Windsurf, VS Code, and Gemini to Auth0 Management APIs. Create apps, deploy Actions, debug logs, and query users with natural-language commands. Read-only mode and tool-glob filtering supported. Beta software per Auth0.

8 tools★ 106

Official4.2

HashiCorp Vault MCP

HashiCorp

Official HashiCorp MCP for Vault: secrets, mounts, KV, and PKI management with stdio and Streamable HTTP transports. 9 commits on main in the last 30 days. MPL-2.0 with HashiCorp official-vendor signal.

9 tools★ 45

Official4.1

AWS IAM MCP

AWS Labs

Official AWS Labs MCP for IAM administration: users, roles, groups, policies, inline policies, access keys, and policy simulation. Read-only mode supported via --allow-write opt-in pattern. Apache-2.0 within awslabs/mcp monorepo.

7 tools★ 8,924

Official4

AWS CloudTrail MCP

AWS Labs

Official AWS Labs MCP for CloudTrail: 90 days of management events via lookup_events and Trino-compatible SQL queries against CloudTrail Lake Event Data Stores. 3 commits on the server path in the last 30 days. Pairs with the IAM MCP for security audit workflows.

5 tools★ 8,924

Vendor4

Infisical MCP

Infisical

Official Infisical MCP server for secrets management. 10 tools cover the full secret lifecycle plus project, environment, folder, and member management. Two authentication methods (machine identity universal-auth and access-token), self-hostable instance support via INFISICAL_HOST_URL.

10 tools★ 45

Vendor3.8

Trivy MCP

Aqua Security

Official Aqua Security Trivy plugin that turns Trivy scanning capabilities into an MCP server. Distributed as a Trivy plugin: `trivy plugin install mcp`. Three transport modes (stdio, streamable HTTP, SSE), IDE integration for VS Code, Cursor, JetBrains, and Claude Desktop.

4 tools★ 37

// Get in touch

DISCUSS YOUR
MCP REQUIREMENTS.

Evaluating a server, scoping an internal deployment, or working out whether MCP is the right fit at all. Start the conversation and we will point you at the right piece of the ecosystem.

Discuss Your MCP Requirements →

Prowler MCP

INSTALL THIS SERVER

8 TOOLS AVAILABLE

OUR ASSESSMENT

TECHNICAL DETAILS

ADOPTION METRICS

SOURCES & VERIFICATION

OTHER SECURITY MCP SERVERS

Auth0 MCP Server

HashiCorp Vault MCP

AWS IAM MCP

AWS CloudTrail MCP

Infisical MCP

Trivy MCP

DISCUSS YOURMCP REQUIREMENTS.

DISCUSS YOUR
MCP REQUIREMENTS.