← ClaudeAtlas

security-privacylisted

Use for Android and Firebase security, secrets, API keys, Firebase Security Rules, local encryption, biometrics, least privilege, privacy-first data handling and sensitive data reviews.
GDvega/super-android-kotlin-firebase-skill · ★ 2 · AI & Automation · score 73
Install: claude install-skill GDvega/super-android-kotlin-firebase-skill
# Purpose Reduce real security and privacy risks in Android/Firebase apps. # When to use - Auditing sensitive data handling. - Reviewing Firebase rules. - Checking secrets, logs or permissions. - Adding biometric or local encryption flows. # Inputs to inspect - Data classification and threat model. - Rules files and storage paths. - Logs, analytics and Crashlytics usage. - Permissions and local storage. # Required workflow 1. Classify data and trust boundaries. 2. Search for secrets and sensitive logs. 3. Review Firebase rules and Android permissions. 4. Propose least-privilege fixes. 5. Add tests or manual verification steps. # Rules - Never exfiltrate or print secrets. - No open production rules. - Do not rely on client-only authorization. - Do not log PII, tokens or sensitive health/financial data. - Use encryption only with a clear threat model. # Related existing skills ## Local skills to invoke - firebase-core - firestore - firebase-auth - code-review-refactor - testing ## External companion skills to use when installed Do not assume these companion skills are installed. Prefer the local skills above first, then consult [Companion Skills](../../docs/COMPANION_SKILLS.md) for install and verification commands. - firebase/agent-skills — use for deeper Firebase product, Firestore, Security Rules or emulator workflow guidance when installed. # Files commonly touched - `firestore.rules` - `database.rules.json` - `storage.rules` - `AndroidManifest.xml` - `logg