Firebase Apk Scanner
Skill | Active
Scans Android APKs for Firebase security misconfigurations including open databases, storage buckets, authentication issues, and exposed cloud functions. Use when analyzing APK files for Firebase vulnerabilities, performing mobile app security audits, or testing Firebase endpoint security. For authorized security research only.
To identify and report on Firebase security vulnerabilities within Android applications, aiding in mobile app security audits and penetration testing.
Features
- Scan Android APKs for Firebase misconfigurations
- Analyze Realtime Database, Firestore, and Storage security
- Test Firebase authentication and Cloud Function endpoints
- Generate detailed security reports
- Provide manual testing guidance for uncovered issues
Use cases
- Analyzing APK files for Firebase vulnerabilities
- Performing mobile app security audits
- Testing Firebase endpoint security
- Authorized penetration testing of Firebase-backed applications
Non-goals
- Scanning apps without authorization
- Testing production Firebase projects without permission
- Extracting Firebase config without testing
- Analyzing non-Android targets (iOS, web apps)
Trust
- Warning (Issues Attention): In the last 90 days, 13 issues were opened and 4 were closed, indicating a low closure rate and potentially slow maintainer response.
Installation
Add the marketplace first:
/plugin marketplace add trailofbits/skills
/plugin install firebase-apk-scanner@trailofbits
Quality score
Similar extensions
Ship Gate
100 | Pre-production audit that scans a codebase for security, database, deployment, code quality, AI/LLM, dependency, frontend, and observability issues. Intercepts deploy commands and blocks until critical items pass. Stack-agnostic. Use for "run ship gate", "am I ready to ship", "pre-launch audit", "can I deploy", "push to production", "go live checklist", "preflight check". Not for CI/CD setup or infra provisioning.
Crash Analytics
99 | When the user wants to monitor, triage, or reduce their app's crash rate — including setting up Crashlytics, prioritizing which crashes to fix first, interpreting crash data, and understanding how crashes affect App Store ranking. Use when the user mentions "crash", "crashlytics", "crash rate", "ANR", "app not responding", "crash-free sessions", "crash-free users", "symbolication", "stability", "firebase crashes", "app crashing", or "crash report". For overall analytics setup, see app-analytics.
Firebase Remote Config Basics
98 | Comprehensive guide for Firebase Remote Config, including template management and SDK usage. Use this skill when the user needs help setting up Remote Config, managing feature flags, or updating app behavior dynamically.
Firebase Crashlytics
98 | Comprehensive guide for Firebase Crashlytics, including provisioning and SDK usage. Use this skill when the user needs help setting up Crashlytics, adding crash reporting, or using the Crashlytics SDK in their application.
Node Connect
100 | Diagnose OpenClaw Android, iOS, or macOS node pairing, QR/setup code, route, auth, and connection failures.
Android Design Guidelines
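100 | Material Design 3 and Android platform guidelines. Use when building Android apps with Jetpack Compose or XML layouts, or when implementing Material You, navigation, or accessibility. Triggers on tasks involving Android UI, Compose components, dynamic color, or Material Design compliance.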