firebase-master
Provides expert guidance for implementing and troubleshooting Firebase services in TypeScript/Next.js projects, covering security, notifications, and data consi
Install this skill
or
77/100
Security score
The firebase-master skill was audited on Feb 9, 2026 and we found 11 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 208
Template literal with variable interpolation in command context
SourceSKILL.md
| 208 | `users/${userId}/photos/${filename}`, |
medium line 272
Access to .env file
SourceSKILL.md
| 272 | - [ ] VAPID key added to `.env` |
low line 325
Access to .env file
SourceSKILL.md
| 325 | projectId: process.env.FIREBASE_PROJECT_ID, |
low line 326
Access to .env file
SourceSKILL.md
| 326 | clientEmail: process.env.FIREBASE_CLIENT_EMAIL, |
low line 327
Access to .env file
SourceSKILL.md
| 327 | privateKey: process.env.FIREBASE_PRIVATE_KEY?.replace(/\\n/g, '\n'), |
low line 361
Access to .env file
SourceSKILL.md
| 361 | if (process.env.NODE_ENV === 'development') { |
low line 362
Access to .env file
SourceSKILL.md
| 362 | self.FIREBASE_APPCHECK_DEBUG_TOKEN = process.env.NEXT_PUBLIC_APP_CHECK_DEBUG_TOKEN |
medium line 435
Access to .env file
SourceSKILL.md
| 435 | 1. Verify VAPID key is correct in `.env` |
low line 96
External URL reference
SourceSKILL.md
| 96 | // https://meuapp.com/__/auth/action |
low line 289
External URL reference
SourceSKILL.md
| 289 | importScripts('https://www.gstatic.com/firebasejs/10.7.1/firebase-app-compat.js'); |
low line 290
External URL reference
SourceSKILL.md
| 290 | importScripts('https://www.gstatic.com/firebasejs/10.7.1/firebase-messaging-compat.js'); |
Scanned on Feb 9, 2026
View Security DashboardGitHub Stars 106
Rate this skill
Categorydevelopment
UpdatedMay 21, 2026
openclawbackendfrontend-developerbackend-developerproduct-managergrowth-pmtechnical-pmfirebasedevelopmentproduct
majiayu000/claude-skill-registry