Powertools MCP Search Server

Overview Inspect Schema Related Servers Score Discussions

secure-workflows.yml•1.05 kB

name: Lockdown untrusted workflows # PROCESS # # 1. Scans for any external GitHub Action being used without version pinning (@<commit-sha> vs @v3) # 2. Scans for insecure practices for inline bash scripts (shellcheck) # 3. Fail CI and prevent PRs to be merged if any malpractice is found # USAGE # # Always triggered on new PR, PR changes and PR merge. on: push: paths: - ".github/workflows/**" pull_request: paths: - ".github/workflows/**" permissions: contents: read jobs: enforce_pinned_workflows: name: Harden Security runs-on: ubuntu-latest permissions: contents: read # checkout code and subsequently GitHub action workflows steps: - name: Checkout code uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Ensure 3rd party workflows have SHA pinned uses: zgosalvez/github-actions-ensure-sha-pinned-actions@6124774845927d14c601359ab8138699fa5b70c3 # v4.0.1 with: allowlist: slsa-framework/slsa-github-generator

Latest Blog Posts

What Is Context Bloat in MCP?
By Om-Shree-0709 on December 16, 2025.
mcp
Context Bloat
MCP Moves to the Linux Foundation: Neutral Stewardship for Agentic Infrastructure
By Om-Shree-0709 on December 15, 2025.
mcp
anthropic
Linux Foundation
Code Execution with MCP: Architecting Agentic Efficiency
By Om-Shree-0709 on December 14, 2025.
mcp
Token bloat

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/aws-powertools/powertools-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server