← Back to Skills

Firebase Apk Scanner

🌐Community
by trailofbits · vlatest · Repository

Identifies potential security vulnerabilities within Android APKs deployed to Firebase projects using static analysis.

Install on your platform

We auto-selected Claude Code based on this skill’s supported platforms.

1

Run in terminal (recommended)

terminal
claude mcp add firebase-apk-scanner npx -- -y @trustedskills/firebase-apk-scanner
2

Or manually add to ~/.claude/settings.json

~/.claude/settings.json
{
  "mcpServers": {
    "firebase-apk-scanner": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/firebase-apk-scanner"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

The firebase-apk-scanner skill analyzes Android APK files to detect potential security issues related to Firebase integration. It identifies misconfigurations, insecure API usage, and other vulnerabilities that could expose sensitive data or allow unauthorized access through Firebase services.

When to use it

  • You're auditing an Android app for Firebase-related security flaws before deployment.
  • Your team is investigating a breach suspected to involve Firebase misconfiguration.
  • You need to ensure third-party apps using your Firebase project are configured securely.

Key capabilities

  • Scans APK files for Firebase dependencies and configuration details
  • Detects insecure Firebase API usage patterns
  • Identifies potential misconfigurations in Firebase services

Example prompts

  • "Analyze this APK file for Firebase security issues."
  • "Check if the app is using deprecated or insecure Firebase APIs."
  • "Scan the provided Android APK for Firebase-related vulnerabilities."

Tips & gotchas

  • Ensure you have the correct APK file uploaded and accessible to the scanner.
  • The tool may not detect runtime issues that only occur under specific conditions.
View Repository →

Tags

🛡️

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

Gen Agent Trust HubPass
SocketPass
SnykPass

Details

Version
vlatest
License
Author
trailofbits
Installs
602
Repository (canonical source) →

🌐 Community

Passed automated security scans.