Firebase Apk Scanner
Skill ActiveScans Android APKs for Firebase security misconfigurations including open databases, storage buckets, authentication issues, and exposed cloud functions. Use when analyzing APK files for Firebase vulnerabilities, performing mobile app security audits, or testing Firebase endpoint security. For authorized security research only.
To identify and report on Firebase security vulnerabilities within Android applications, aiding in mobile app security audits and penetration testing.
Features
- Scan Android APKs for Firebase misconfigurations
- Analyze Realtime Database, Firestore, and Storage security
- Test Firebase authentication and Cloud Function endpoints
- Generate detailed security reports
- Provide manual testing guidance for uncovered issues
Use Cases
- Analyzing APK files for Firebase vulnerabilities
- Performing mobile app security audits
- Testing Firebase endpoint security
- Authorized penetration testing of Firebase-backed applications
Non-Goals
- Scanning apps without authorization
- Testing production Firebase projects without permission
- Extracting Firebase config without testing
- Analyzing non-Android targets (iOS, web apps)
Trust
- warning:Issues AttentionIn the last 90 days, 13 issues were opened and 4 were closed, indicating a low closure rate and potentially slow maintainer response.
Installation
First, add the marketplace
/plugin marketplace add trailofbits/skills/plugin install firebase-apk-scanner@trailofbitsQuality Score
Trust Signals
Similar Extensions
Ship Gate
100Pre-production audit that scans a codebase for security, database, deployment, code quality, AI/LLM, dependency, frontend, and observability issues. Intercepts deploy commands and blocks until critical items pass. Stack-agnostic. Use for "run ship gate", "am I ready to ship", "pre-launch audit", "can I deploy", "push to production", "go live checklist", "preflight check". Not for CI/CD setup or infra provisioning.
Crash Analytics
99When the user wants to monitor, triage, or reduce their app's crash rate — including setting up Crashlytics, prioritizing which crashes to fix first, interpreting crash data, and understanding how crashes affect App Store ranking. Use when the user mentions "crash", "crashlytics", "crash rate", "ANR", "app not responding", "crash-free sessions", "crash-free users", "symbolication", "stability", "firebase crashes", "app crashing", or "crash report". For overall analytics setup, see app-analytics.
Firebase Remote Config Basics
98Comprehensive guide for Firebase Remote Config, including template management and SDK usage. Use this skill when the user needs help setting up Remote Config, managing feature flags, or updating app behavior dynamically.
Firebase Crashlytics
98Comprehensive guide for Firebase Crashlytics, including provisioning and SDK usage. Use this skill when the user needs help setting up Crashlytics, adding crash reporting, or using the Crashlytics SDK in their application.
Node Connect
100Diagnose OpenClaw Android, iOS, or macOS node pairing, QR/setup code, route, auth, and connection failures.
Android Design Guidelines
100Material Design 3 and Android platform guidelines. Use when building Android apps with Jetpack Compose or XML layouts, implementing Material You, navigation, or accessibility. Triggers on tasks involving Android UI, Compose components, dynamic color, or Material Design compliance.