Firebase MCP (Insecure Rules)
v0.2.3
Verified
Firebase integration. WARNING: Example configuration uses insecure security rules allowing public read/write.
By CommunityMIT
typescript
database
980stars
25.0Kdownloads
130forks
Scanned Feb 8, 2026
D42%
Scanned 3w ago
Poor Security
Vulnerabilities Found
2Crit
2High
3Med
3Low
4Info
Security ScoreD
42
out of 100
Vulnerabilities Found
2
Crit
2
High
3
Medi
3
Low
4
Info
Last scanned: 2/8/2026
Quality ScoreF
52
out of 100
52
Maint.
49
Popular
52
Docs
55
Compat
Maintenance52%
Popularity49%
Documentation52%
Compatibility55%
Maintenance52
Recent
12 days agoCommit Frequency48%
Release Frequency45%
Issue Response49%
Popularity49
980
Stars
25.0K
Downloads
130
Forks
Stars Score54%
Downloads Score62%
Forks Score56%
Documentation52
README Quality78%
Available Documentation
API DocsExamplesChangelog
Compatibility55
MCP Spec Compliance57%
Transport Support50%
Features
TypeScript
Supported Transports
STDIO
Vulnerabilities(14)
2Critical
2High
3Medium
3Low
4Info
Filter:
READMEFirebase MCP (Insecure Rules)
Firebase MCP
⚠️ INSECURE DEFAULT CONFIGURATION ⚠️
Issue
Documentation and examples show insecure security rules:
plaintext
rules_version = '2';
service cloud.firestore {
match /{document=**} {
allow read, write: if true;
}
}Impact
- Anyone can read all data
- Anyone can write/delete data
- Data breach and loss
Mitigation
Always configure proper security rules before deployment.
Embed Security Badge
Add this badge to your README or documentation
[](https://mcpsafe.org/registry/firebase-mcp-insecure)Need more customization options?Badge Documentation
Server Information
- Source
- NPM
- Package
- firebase-mcp
- Version
- 0.2.3
- Language
- typescript
- License
- MIT
- Transport
- STDIO
- Added
- Jan 20, 2026
- Updated
- Feb 8, 2026