# Validate Firebase Project Readiness

Firebase projects can ship with weak rules, mixed function patterns, or missing emulator coverage. This skill gives Claude, Codex, and Claude Code a structured review checklist for secure releases.

## Install

```bash
npx skillstore add 2389-research/firebase-development-validate
```

## Metadata

- - Status: approved
- - Slug: 2389-research-firebase-development-validate
- - Version: 1.0.0
- - Author: 2389-research
- - GitHub username: 2389-research
- - License: MIT
- - Repository: https://github.com/2389-research/claude-plugins/tree/main/firebase-development/skills/validate
- - Ref: main
- - Supported tools: Claude, Codex, Claude Code
- - Risk level: low
- - Risk factors: external\_commands, env\_access
- - Quality score: 77
- - Quality tier: bronze
- - Public page: https://skillstore.pages.dev/skills/2389-research-firebase-development-validate
- - Manifest: https://skillstore.pages.dev/api/skills/2389-research-firebase-development-validate/manifest

## Capabilities

- Checks firebase.json for hosting, functions, Firestore, and emulator configuration.
- Reviews Firestore rules for helper functions, default deny rules, and client write validation.
- Validates Firebase Functions architecture for consistent Express, domain-grouped, or individual patterns.
- Reviews authentication flows for API keys, Firebase Auth, user identity, and emulator setup.
- Checks test coverage, build readiness, npm audit status, and production configuration.
- Produces severity-categorized findings with remediation recommendations.

## Use Cases

- Pre-release Firebase audit: Review rules, functions, tests, and build checks before a production release.
- Firestore rules review: Find overly broad reads, unsafe writes, missing default deny rules, and inconsistent helper usage.
- Architecture consistency check: Confirm Firebase Functions follow one clear structure and use consistent response and error handling.

## Prompt Templates

### Basic Firebase review

```
Review this Firebase project for configuration, rules, authentication, testing, and production readiness. Summarize critical, important, and minor issues.
```

### Firestore security focus

```
Audit the Firestore rules and related client writes. Check ownership checks, affected key validation, collection group rules, and default deny coverage.
```

### Functions release readiness

```
Validate the Firebase Functions architecture. Check exports, middleware, authentication, error handling, response format, tests, build scripts, and deployment risks.
```

### Full production gate

```
Run a production readiness review for this Firebase project. Correlate firebase.json, Firestore rules, functions architecture, emulator tests, npm audit results, and .firebaserc settings. Return prioritized remediation steps.
```

## Limitations

- It does not deploy Firebase resources or change cloud configuration.
- It depends on access to the project files being reviewed.
- It cannot verify Firebase Console settings unless the user provides that context.
- It gives review guidance and does not replace a full penetration test.

## Best Practices

- Run the review against the exact branch planned for deployment.
- Provide firebase.json, Firestore rules, functions source, tests, and .firebaserc together.
- Confirm each finding with local tests or emulator runs before release.

## Anti Patterns

- Do not use the skill for initial Firebase project scaffolding.
- Do not treat checklist completion as proof that production data is secure.
- Do not ignore Firebase Console settings that are not visible in the repository.

## Security Audit

- - Safe to publish: true
- - Audited at: 2026-06-27T15:33:49.127\+00:00
- - Summary: Static analysis flagged many Markdown backtick spans and command examples as external command execution. Review found no executable scripts, prompt injection, network exfiltration, or malicious intent; the examples are project validation checks for Firebase code. The skill is safe to publish with low risk because it may lead an agent to run local grep, npm, and build commands in a user project.

## Stats

- - Views: 222
- - Downloads: 6
- - Favorites: 0
- - Popularity score: 0
