diff --git a/.github/workflows/entropy-beauty-scan.yml b/.github/workflows/entropy-beauty-scan.yml
index 619d1921ca..afea3f607e 100644
--- a/.github/workflows/entropy-beauty-scan.yml
+++ b/.github/workflows/entropy-beauty-scan.yml
@@ -14,7 +14,27 @@ jobs:
       - name: Checkout code (full history)
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
-          fetch-depth: 0
+          # Use shallow clone by default (much faster)
+          # Only use full history when necessary (push/release or when base commit is needed)
+          fetch-depth: ${{ github.event_name == 'pull_request_target' && 2 || 0 }}
+
+      - name: Cache pip manually
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
+        with:
+          path: ~/.cache/pip
+          key: ${{ runner.os }}-pip-entropy-${{ hashFiles('.github/workflows/compute-entropy.py') }}
+          restore-keys: |
+            ${{ runner.os }}-pip-entropy-
+
+      - name: Setup Python
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+        with:
+          python-version: '3.12'
+
+      - name: Install Python dependencies (only when needed)
+        run: |
+          python -m pip install --upgrade pip
+          # No extra packages needed — compute-entropy.py uses only stdlib
 
       - name: Run TruffleHog
         uses: trufflesecurity/trufflehog@586f66d7886cd0b037c7c245d4a6e34ef357ab10 # main (as of March 2026)