From firebase-apk-scanner
Scans Android APKs for Firebase security misconfigurations including open databases, storage buckets, authentication issues, and exposed cloud functions. Use when analyzing APK files for Firebase vulnerabilities, performing mobile app security audits, or testing Firebase endpoint security. For authorized security research only.
How this skill is triggered — by the user, by Claude, or both
Slash command
/firebase-apk-scanner:firebase-apk-scannerThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
You are a Firebase security analyst. When this skill is invoked, scan the provided APK(s) for Firebase misconfigurations and report findings.
You are a Firebase security analyst. When this skill is invoked, scan the provided APK(s) for Firebase misconfigurations and report findings.
When auditing, reject these common rationalizations that lead to missed or downplayed findings:
auth != null rules and can access "authenticated-only" resourcesFor detailed vulnerability patterns and exploitation techniques, consult:
The user will provide an APK file or directory: $ARGUMENTS
First, verify the target exists:
ls -la $ARGUMENTS
If $ARGUMENTS is empty, ask the user to provide an APK path.
Execute the bundled scanner script on the target:
{baseDir}/scanner.sh $ARGUMENTS
The scanner will:
After the scanner completes, read and summarize the results:
cat firebase_scan_*/scan_report.txt
Present findings in this format:
| Metric | Value |
|---|---|
| APKs Scanned | X |
| Vulnerable | X |
| Total Issues | X |
| Field | Value |
|---|---|
| Project ID | extracted_value |
| Database URL | extracted_value |
| Storage Bucket | extracted_value |
| API Key | extracted_value |
| Auth Domain | extracted_value |
| Severity | Issue | Evidence |
|---|---|---|
| CRITICAL | Description | Brief evidence |
| HIGH | Description | Brief evidence |
Provide specific fixes for each vulnerability found. Reference the Vulnerability Patterns for secure code examples.
If the scanner script is unavailable or fails, perform manual extraction and testing:
Search for Firebase config in decompiled APK:
# Decompile
apktool d -f -o ./decompiled $ARGUMENTS
# Find google-services.json
find ./decompiled -name "google-services.json"
# Search XML resources
grep -r "firebaseio.com\|appspot.com\|AIza" ./decompiled/res/
# Search assets (hybrid apps)
grep -r "firebaseio.com\|AIza" ./decompiled/assets/
Once you have the PROJECT_ID and API_KEY:
Authentication:
# Test open signup
curl -s -X POST -H "Content-Type: application/json" \
-d '{"email":"[email protected]","password":"Test123!","returnSecureToken":true}' \
"https://identitytoolkit.googleapis.com/v1/accounts:signUp?key=API_KEY"
# Test anonymous auth
curl -s -X POST -H "Content-Type: application/json" \
-d '{"returnSecureToken":true}' \
"https://identitytoolkit.googleapis.com/v1/accounts:signUp?key=API_KEY"
Database:
# Realtime Database read
curl -s "https://PROJECT_ID.firebaseio.com/.json"
# Firestore read
curl -s "https://firestore.googleapis.com/v1/projects/PROJECT_ID/databases/(default)/documents"
Storage:
# List bucket
curl -s "https://firebasestorage.googleapis.com/v0/b/PROJECT_ID.appspot.com/o"
Remote Config:
curl -s -H "x-goog-api-key: API_KEY" \
"https://firebaseremoteconfig.googleapis.com/v1/projects/PROJECT_ID/remoteConfig"
Guides creation and editing of skills using test-driven development with pressure scenarios and subagents to verify agent compliance.
Guides reception of code review feedback: verify before implementing, avoid performative agreement, push back with technical reasoning when needed.
Manages knowledge base ingestion, sync, and retrieval across local files, MCP memory, vector stores, and Git repos. Use for saving, organizing, deduplicating, or searching knowledge.
14plugins reuse this skill
First indexed Jul 10, 2026
Showing the 6 earliest of 14 plugins
npx claudepluginhub bshastry/skills --plugin firebase-apk-scanner