prowler-ci
ПопулярноHelps with Prowler repository CI and PR gates (GitHub Actions workflows). Trigger: When investigating CI checks failing on a PR, PR title validation, changelog gate/no-changelog label, conflict marker checks, secret scanning, CODEOWNERS/labeler automation, or anything under .github/workflows.
>
What this skill covers
Use this skill whenever you are:
- Reading or changing GitHub Actions workflows under
.github/workflows/ - Explaining why a PR fails checks (title, changelog, conflict markers, secret scanning)
- Figuring out which workflows run for UI/API/SDK changes and why
- Diagnosing path-filtering behavior (why a workflow did/didn't run)
Quick map (where to look)
- PR template:
.github/pull_request_template.md - PR title validation:
.github/workflows/conventional-commit.yml - Changelog gate:
.github/workflows/pr-check-changelog.yml - Conflict markers check:
.github/workflows/pr-conflict-checker.yml - Secret scanning:
.github/workflows/find-secrets.yml - Auto labels:
.github/workflows/labeler.ymland.github/labeler.yml - Review ownership:
.github/CODEOWNERS
Debug checklist (PR failing checks)
- Identify which workflow/job is failing (name + file under
.github/workflows/). - Check path filters: is the workflow supposed to run for your changed files?
- If it's a title check: verify PR title matches Conventional Commits.
- If it's changelog: verify the right
CHANGELOG.mdis updated OR applyno-changeloglabel. - If it's conflict checker: remove
<<<<<<<,=======,>>>>>>>markers. - If it's secrets (TruffleHog): see section below.
TruffleHog Secret Scanning
TruffleHog scans for leaked secrets. Common false positives in test files:
Patterns that trigger TruffleHog:
sk-*T3BlbkFJ*- OpenAI API keysAKIA[A-Z0-9]{16}- AWS Access Keysghp_*/gho_*- GitHub tokens- Base64-encoded strings that look like credentials
Fix for test files:
# BAD - looks like real OpenAI key
api_key = "sk-test1234567890T3BlbkFJtest1234567890"
# GOOD - obviously fake
api_key = "sk-fake-test-key-for-unit-testing-only"
If TruffleHog flags a real secret:
- Remove the secret from the code immediately
- Rotate the credential (it's now in git history)
- Consider using
.trufflehog-ignorefor known false positives (rarely needed)
Notes
- Keep
prowler-prfocused on creating PRs and filling the template. - Use
prowler-cifor CI policies and gates that apply to PRs.
You Might Also Like
Related Skills
create-pr
Creates GitHub pull requests with properly formatted titles that pass the check-pr-title CI validation. Use when creating PRs, submitting changes for review, or when the user says /pr or asks to create a pull request.
n8n-io
electron-chromium-upgrade
Guide for performing Chromium version upgrades in the Electron project. Use when working on the roller/chromium/main branch to fix patch conflicts during `e sync --3`. Covers the patch application workflow, conflict resolution, analyzing upstream Chromium changes, and proper commit formatting for patch fixes.
electron
pr-creator
Use this skill when asked to create a pull request (PR). It ensures all PRs follow the repository's established templates and standards.
google-gemini
clawdhub
Use the ClawdHub CLI to search, install, update, and publish agent skills from clawdhub.com. Use when you need to fetch new skills on the fly, sync installed skills to latest or a specific version, or publish new/updated skill folders with the npm-installed clawdhub CLI.
moltbottmux
Remote-control tmux sessions for interactive CLIs by sending keystrokes and scraping pane output.
moltbot
create-pull-request
Create a GitHub pull request following project conventions. Use when the user asks to create a PR, submit changes for review, or open a pull request. Handles commit analysis, branch management, and PR creation using the gh CLI tool.
cline