Alanamultiskillagent
Back to skills

firebase-apk-scanner

security

Scans Android APKs for Firebase security misconfigurations by decompiling the app, extracting Firebase configuration, and actively testing endpoints for vulnerabilities. Checks Realtime Database, Fire

trailofbitstrailofbits
|View all trailofbits skills →

Setup & Installation

npx skills add https://github.com/trailofbits/firebase-apk-scanner --skill firebase-apk-scanner
or paste the link and ask your coding assistant to install it
https://github.com/trailofbits/firebase-apk-scanner
View on GitHub

What This Skill Does

Scans Android APKs for Firebase security misconfigurations by decompiling the app, extracting Firebase configuration, and actively testing endpoints for vulnerabilities. Checks Realtime Database, Firestore, Storage buckets, Cloud Functions, and authentication settings for unauthenticated access and weak rules. Reports findings with severity ratings and remediation guidance. Manual Firebase testing requires decompiling APKs, locating config across multiple file formats, and constructing curl requests for each service — this skill automates the full chain from APK to structured vulnerability report.

When to use it

  • Working with firebase apk scanner functionality
  • Implementing firebase apk scanner features
  • Debugging firebase apk scanner related issues

Similar Skills

audit-context-building

A structured analysis skill for the pre-audit phase of code review. It guides Claude through line-by-line function analysis, cross-boundary call tracing, and invariant mapping before any vulnerability

auth0-android

Adds authentication to native Android apps using the Auth0 SDK. Supports Web Auth login/logout, biometric-protected credentials, secure token storage, passwordless login, and MFA. Works with both Kotl

auth0-angular

Adds authentication to Angular apps using the @auth0/auth0-angular SDK. Handles login/logout flows, route guards, HTTP interceptors for attaching tokens, and user profile access through observables. W

auth0-aspnetcore-api

Adds JWT access token validation to ASP.NET Core Web APIs using Auth0. It handles bearer token authentication, scope and permission checks, and supports DPoP proof-of-possession token binding. Works w