Skills firebase-firestore-standard
📦

firebase-firestore-standard

Safe

Set up and secure Cloud Firestore databases

Firebase developers need clear guidance on provisioning Firestore, writing secure rules, and using the SDK correctly. This skill provides comprehensive documentation covering all aspects of Firestore Standard Edition.

Supports: Claude Codex Code(CC)
🥉 75 Bronze
1

Download the skill ZIP

2

Upload in Claude

Go to Settings → Capabilities → Skills → Upload skill

3

Toggle on and start using

Test it

Using "firebase-firestore-standard". Generate basic security rules for a posts collection

Expected outcome:

Rules with default deny, authenticated read access for published posts, write access limited to post authors, validation for title and content fields, and immutable createdAt timestamp.

Using "firebase-firestore-standard". How do I query with multiple where clauses?

Expected outcome:

Explanation of when composite indexes are required, example query syntax using query() with multiple where conditions, and link to create the index in Firebase Console.

Security Audit

Safe
v1 • 4/12/2026

This skill contains documentation markdown files only. Static analyzer flagged 246 patterns (external commands, URLs, regex patterns) that are all false positives - they are code examples in documentation, not executable code. No actual security risks detected.

5
Files scanned
798
Lines analyzed
0
findings
1
Total audits
No security issues found
Audited by: claude

Quality Score

45
Architecture
100
Maintainability
87
Content
50
Community
100
Security
83
Spec Compliance

What You Can Build

New Firebase Project Setup

Developers creating their first Firestore database need guidance on configuration files, security rules, and deployment workflow.

Security Rules Implementation

Teams building production applications need comprehensive security rules with proper authentication, authorization, and data validation.

Web Application Integration

Frontend developers need to integrate Firestore into React, Vue, or vanilla JavaScript applications using the modular SDK.

Try These Prompts

Basic Firestore Setup 
Help me set up Cloud Firestore for a new Firebase project. I need to create the configuration files and deploy initial security rules.
Security Rules for User Data 
Generate Firestore Security Rules for a users collection where each user can only read and write their own profile document. Include validation for email and name fields.
Compound Query Index Configuration 
I need to query cities by state and population with orderBy. What composite index do I need and how do I configure it in firestore.indexes.json?
Full Application Security Rules 
Analyze my codebase and generate comprehensive Firestore Security Rules for a task management app with users, tasks, and comments collections. Include role-based access control with admin and user roles.

Best Practices

  • Always start security rules with default deny and explicitly grant minimum required permissions
  • Use the Validator Function Pattern to avoid repetition and ensure consistent validation across create and update rules
  • Exempt high-write-rate fields like timestamps from automatic indexing to avoid write bottlenecks

Avoid

  • Using allow read: if isAuthenticated() for collections containing PII like email addresses
  • Allowing users to create or update their own role field without proper authorization checks
  • Writing security rules without validating data types and field constraints on updates

Frequently Asked Questions

Do I need to create indexes for every query?
No. Firestore automatically creates single-field indexes for all fields. Composite indexes are only needed for queries with multiple fields using where, orderBy, or range operators on different fields.
How do I know if my security rules are correct?
Use the Firestore Rules Playground in the Firebase Console to test rules with different authentication states. Also run through the devil's advocate attack checklist to verify security.
Can I use this skill without installing Firebase CLI?
Yes. The Firebase CLI commands shown use npx which downloads the tool temporarily. However, installing Firebase CLI locally is recommended for active development.
What is the difference between setDoc and updateDoc?
setDoc creates a document or overwrites it completely. updateDoc only updates specified fields and fails if the document does not exist. Use addDoc for auto-generated document IDs.
How do I handle public user profiles without exposing private data?
Do not allow read access to user documents containing PII. Instead, denormalize public info like name and avatar into resources they create (posts, comments), or use a separate public collection.
Why am I getting an error about requiring an index?
Your query requires a composite index. The error message includes a direct link to the Firebase Console where you can create the exact index needed for your query.

Developer Details

Author

firebase

License

MIT

Repository

https://github.com/firebase/agent-skills/tree/main/skills/firebase-firestore-standard/

Ref

main

File structure

📁 references/

📄 indexes.md

📄 provisioning.md

📄 security_rules.md

📄 web_sdk_usage.md

📄 SKILL.md