Firebase MCP Server
MCP server that exposes Firebase Firestore to AI agents (Cursor, Claude Desktop, etc.)
Critical Issues
Security ScoreF
Vulnerabilities Found
Quality ScoreB
Maintenance62
Popularity80
Documentation68
Available Documentation
Compatibility73
Features
Supported Transports
Agentic MCP Risk Intelligence
MCPSafe checks risks unique to AI-connected MCP servers — prompt surfaces, model-controlled tools, credentials, filesystems, and network reachability.
This server has at least one issue specific to AI-agent/MCP execution flows.
Tool metadata can steer or hijack AI clients before a user invokes the tool.
Model-selected tool arguments can reach shell/process execution.
Tool context combines credential access with outbound network capability.
AI-controlled paths may access files outside the intended workspace.
AI-controlled URLs may reach local, metadata, or internal network services.
Vulnerabilities(149)
READMEFirebase MCP Server
View sourceFirebase MCP
⚠️ INSECURE DEFAULT CONFIGURATION ⚠️
Issue
Documentation and examples show insecure security rules:
rules_version = '2';
service cloud.firestore {
match /{document=**} {
allow read, write: if true;
}
}Impact
- Anyone can read all data
- Anyone can write/delete data
- Data breach and loss
Mitigation
Always configure proper security rules before deployment.
Embed Security Badge
Add this badge to your README or documentation
[](https://mcpsafe.org/registry/firebase-mcp-insecure)Server Information
- Source
- GITHUB
- Package
- firebase-mcp
- Version
- 0.4.4
- Language
- typescript
- License
- MIT
- Transport
- STDIO
- Added
- Jan 20, 2026
- Updated
- Jul 13, 2026