firebase-storage
Facilitates file uploads and downloads using Firebase Cloud Storage, ensuring secure access and error handling.
Security score
The firebase-storage skill was audited on Feb 9, 2026 and we found 25 security issues across 4 threat categories. Review the findings below before installing.
Security Issues
Template literal with variable interpolation in command context
| 82 | const url = await uploadFile(file, `uploads/${userId}/${file.name}`); |
Template literal with variable interpolation in command context
| 337 | const publicUrl = `https://storage.googleapis.com/${adminStorage.name}/${destination}`; |
Template literal with variable interpolation in command context
| 525 | setError(`File size must be less than ${maxSize / 1024 / 1024}MB`); |
Template literal with variable interpolation in command context
| 534 | const storageRef = ref(storage, `${path}/${Date.now()}-${file.name}`); |
Template literal with variable interpolation in command context
| 575 | {uploading ? `Uploading... ${Math.round(progress)}%` : 'Upload File'} |
Template literal with variable interpolation in command context
| 622 | const storageRef = ref(storage, `${path}/${Date.now()}-${file.name}`); |
Template literal with variable interpolation in command context
| 665 | {uploading ? `${Math.round(progress)}%` : '+'} |
Curl to non-GitHub URL
| 337 | const publicUrl = `https://storage.googleapis.com/${adminStorage.name}/${destination}`; |
Access to .env file
| 27 | apiKey: process.env.NEXT_PUBLIC_FIREBASE_API_KEY, |
Access to .env file
| 28 | authDomain: process.env.NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN, |
Access to .env file
| 29 | projectId: process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID, |
Access to .env file
| 30 | storageBucket: process.env.NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET, |
Access to .env file
| 48 | projectId: process.env.FIREBASE_PROJECT_ID, |
Access to .env file
| 49 | clientEmail: process.env.FIREBASE_CLIENT_EMAIL, |
Access to .env file
| 50 | privateKey: process.env.FIREBASE_PRIVATE_KEY?.replace(/\\n/g, '\n'), |
Access to .env file
| 52 | storageBucket: process.env.FIREBASE_STORAGE_BUCKET, |
External URL reference
| 337 | const publicUrl = `https://storage.googleapis.com/${adminStorage.name}/${destination}`; |
External URL reference
| 472 | "origin": ["https://your-domain.com", "http://localhost:3000"], |
External URL reference
| 717 | | **#2** | CORS errors | Browser blocked cross-origin request | Configure CORS with `gsutil cors set` | [Docs](https://firebase.google.com/docs/storage/web/download-files#cors_configuration) | |
External URL reference
| 784 | - **Storage Overview**: https://firebase.google.com/docs/storage |
External URL reference
| 785 | - **Web Get Started**: https://firebase.google.com/docs/storage/web/start |
External URL reference
| 786 | - **Upload Files**: https://firebase.google.com/docs/storage/web/upload-files |
External URL reference
| 787 | - **Download Files**: https://firebase.google.com/docs/storage/web/download-files |
External URL reference
| 788 | - **Security Rules**: https://firebase.google.com/docs/storage/security |
External URL reference
| 789 | - **Admin SDK**: https://firebase.google.com/docs/storage/admin/start |