Alanamultiskillagent
Back to skills

firebase-security-rules-auditor

security

Audits Firestore security rules by scoring them on a 1-5 scale and flagging specific vulnerabilities. It checks for update bypasses, privilege escalation, missing type validation, resource exhaustion

firebasefirebase
|View all firebase skills →

Setup & Installation

npx skills add https://github.com/firebase/firebase-security-rules-auditor --skill firebase-security-rules-auditor
or paste the link and ask your coding assistant to install it
https://github.com/firebase/firebase-security-rules-auditor
View on GitHub

What This Skill Does

Audits Firestore security rules by scoring them on a 1-5 scale and flagging specific vulnerabilities. It checks for update bypasses, privilege escalation, missing type validation, resource exhaustion risks, and gaps between identity-level and field-level access control. Firestore rules are easy to get wrong in subtle ways, like allowing valid creates but unsafe updates, and a structured red-team checklist catches issues that manual review tends to miss.

When to use it

  • Working with firebase security rules auditor functionality
  • Implementing firebase security rules auditor features
  • Debugging firebase security rules auditor related issues

Similar Skills

audit-context-building

A structured analysis skill for the pre-audit phase of code review. It guides Claude through line-by-line function analysis, cross-boundary call tracing, and invariant mapping before any vulnerability

auth0-android

Adds authentication to native Android apps using the Auth0 SDK. Supports Web Auth login/logout, biometric-protected credentials, secure token storage, passwordless login, and MFA. Works with both Kotl

auth0-angular

Adds authentication to Angular apps using the @auth0/auth0-angular SDK. Handles login/logout flows, route guards, HTTP interceptors for attaching tokens, and user profile access through observables. W

auth0-aspnetcore-api

Adds JWT access token validation to ASP.NET Core Web APIs using Auth0. It handles bearer token authentication, scope and permission checks, and supports DPoP proof-of-possession token binding. Works w