Firebase

Manage Firebase projects and apps (web, Android, iOS) with OAuth-authenticated CRUD operations, including listing, creating, updating, and deleting.

MIT-0 · Free to use, modify, and redistribute. No attribution required.

⭐ 0 · 859 · 4 current installs · 4 all-time installs

by@byungkyu

MIT-0

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

medium confidence

✓

Purpose & Capability

The SKILL.md describes a Firebase Management API integration that uses a Maton gateway and requires a MATON_API_KEY. The required env var and the network endpoints (gateway.maton.ai, ctrl.maton.ai) are consistent with that purpose. Minor metadata mismatch: registry metadata lists no primary credential while the skill clearly depends on MATON_API_KEY.

✓

Instruction Scope

All runtime instructions operate against Maton endpoints (gateway.maton.ai and ctrl.maton.ai) and instruct use of the MATON_API_KEY. The instructions do not read other local files, other environment variables, or system paths. They do direct the user to open an OAuth URL in a browser to complete authentication (expected for OAuth flows).

✓

Install Mechanism

This is an instruction-only skill with no install spec and no code files to execute on disk. That is the lowest-risk install pattern.

ℹ

Credentials

The skill only requires a single environment variable, MATON_API_KEY, which matches the described managed-OAuth gateway usage. However, registry metadata omits a declared primary credential (minor inconsistency). Also note that providing MATON_API_KEY gives the Maton service the ability to act on your Firebase projects (tokens and operations are proxied through their gateway), so the credential is sensitive and access should be limited/trusted.

✓

Persistence & Privilege

The skill is not marked always:true and does not request persistent config or modify other skills. Autonomous invocation is allowed (platform default) but is not combined with other privilege escalations here.

Assessment

This skill appears to do what it says: it proxies Firebase Management API calls through Maton's gateway and requires a MATON_API_KEY. Before installing, confirm you trust maton.ai (the gateway will see and act on your Firebase resources). Consider these actions: (1) verify Maton's website and privacy/security docs and confirm the service is legitimate, (2) use a least-privilege API key or scoped credential if Maton supports it, (3) monitor and audit connections shown at ctrl.maton.ai and revoke any you don't recognize, and (4) if provenance matters, ask the publisher to supply a homepage/source repo and update the skill metadata so the primary credential is explicitly declared. I have medium confidence because the skill is internally consistent but the registry/source provenance is limited.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0

Download zip

latestvk974m6r2zpdgmzggy0jbzfqk15814vmz

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis

EnvMATON_API_KEY

SKILL.md

Firebase

Access the Firebase Management API with managed OAuth authentication. Manage Firebase projects and apps (Web, Android, iOS) with full CRUD operations.

Quick Start

# List Firebase projects
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://gateway.maton.ai/firebase/v1beta1/projects')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF

Base URL

https://gateway.maton.ai/firebase/{native-api-path}

Replace {native-api-path} with the actual Firebase Management API endpoint path. The gateway proxies requests to firebase.googleapis.com and automatically injects your OAuth token.

Authentication

All requests require the Maton API key in the Authorization header:

Authorization: Bearer $MATON_API_KEY

Environment Variable: Set your API key as MATON_API_KEY:

export MATON_API_KEY="YOUR_API_KEY"

Getting Your API Key

Sign in or create an account at maton.ai
Go to maton.ai/settings
Copy your API key

Connection Management

Manage your Firebase OAuth connections at https://ctrl.maton.ai.

List Connections

python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://ctrl.maton.ai/connections?app=firebase&status=ACTIVE')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF

Create Connection

python <<'EOF'
import urllib.request, os, json
data = json.dumps({'app': 'firebase'}).encode()
req = urllib.request.Request('https://ctrl.maton.ai/connections', data=data, method='POST')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
req.add_header('Content-Type', 'application/json')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF

Get Connection

python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://ctrl.maton.ai/connections/{connection_id}')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF

Response:

{
  "connection": {
    "connection_id": "21fd90f9-5935-43cd-b6c8-bde9d915ca80",
    "status": "ACTIVE",
    "creation_time": "2025-12-08T07:20:53.488460Z",
    "last_updated_time": "2026-01-31T20:03:32.593153Z",
    "url": "https://connect.maton.ai/?session_token=...",
    "app": "firebase",
    "metadata": {}
  }
}

Open the returned url in a browser to complete OAuth authorization.

Delete Connection

python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://ctrl.maton.ai/connections/{connection_id}', method='DELETE')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF

Specifying Connection

If you have multiple Firebase connections, specify which one to use with the Maton-Connection header:

python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://gateway.maton.ai/firebase/v1beta1/projects')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
req.add_header('Maton-Connection', '21fd90f9-5935-43cd-b6c8-bde9d915ca80')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF

If omitted, the gateway uses the default (oldest) active connection.

API Reference

Project Operations

List Projects

List all Firebase projects accessible to the authenticated user.

GET /firebase/v1beta1/projects

Response:

{
  "results": [
    {
      "projectId": "my-firebase-project",
      "projectNumber": "123456789",
      "displayName": "My Firebase Project",
      "name": "projects/my-firebase-project",
      "resources": {
        "hostingSite": "my-firebase-project"
      },
      "state": "ACTIVE",
      "etag": "1_bc06d94f-cf77-4689-be01-576702b23f6a"
    }
  ]
}

Get Project

GET /firebase/v1beta1/projects/{projectId}

Update Project

PATCH /firebase/v1beta1/projects/{projectId}?updateMask=displayName
Content-Type: application/json

{
  "displayName": "Updated Project Name"
}

List Available Projects

List Google Cloud projects that can have Firebase added.

GET /firebase/v1beta1/availableProjects

Add Firebase to Project

Add Firebase services to an existing Google Cloud project.

POST /firebase/v1beta1/projects/{projectId}:addFirebase
Content-Type: application/json

{}

This returns a long-running operation. Check the operation status with:

GET /firebase/v1beta1/operations/{operationId}

Get Admin SDK Config

GET /firebase/v1beta1/projects/{projectId}/adminSdkConfig

Web App Operations

List Web Apps

GET /firebase/v1beta1/projects/{projectId}/webApps

Get Web App

GET /firebase/v1beta1/projects/{projectId}/webApps/{appId}

Create Web App

POST /firebase/v1beta1/projects/{projectId}/webApps
Content-Type: application/json

{
  "displayName": "My Web App"
}

Update Web App

PATCH /firebase/v1beta1/projects/{projectId}/webApps/{appId}?updateMask=displayName
Content-Type: application/json

{
  "displayName": "Updated Web App Name"
}

Get Web App Config

GET /firebase/v1beta1/projects/{projectId}/webApps/{appId}/config

Response:

{
  "projectId": "my-firebase-project",
  "appId": "1:123456789:web:abc123",
  "apiKey": "AIzaSy...",
  "authDomain": "my-firebase-project.firebaseapp.com",
  "storageBucket": "my-firebase-project.firebasestorage.app",
  "messagingSenderId": "123456789",
  "measurementId": "G-XXXXXXXXXX",
  "projectNumber": "123456789"
}

Delete Web App

POST /firebase/v1beta1/projects/{projectId}/webApps/{appId}:remove
Content-Type: application/json

{
  "immediate": true
}

Undelete Web App

POST /firebase/v1beta1/projects/{projectId}/webApps/{appId}:undelete
Content-Type: application/json

{}

Android App Operations

List Android Apps

GET /firebase/v1beta1/projects/{projectId}/androidApps

Get Android App

GET /firebase/v1beta1/projects/{projectId}/androidApps/{appId}

Create Android App

POST /firebase/v1beta1/projects/{projectId}/androidApps
Content-Type: application/json

{
  "displayName": "My Android App",
  "packageName": "com.example.myapp"
}

Update Android App

PATCH /firebase/v1beta1/projects/{projectId}/androidApps/{appId}?updateMask=displayName
Content-Type: application/json

{
  "displayName": "Updated Android App Name"
}

Get Android App Config

Returns the google-services.json configuration.

GET /firebase/v1beta1/projects/{projectId}/androidApps/{appId}/config

Delete Android App

POST /firebase/v1beta1/projects/{projectId}/androidApps/{appId}:remove
Content-Type: application/json

{
  "immediate": true
}

List SHA Certificates

GET /firebase/v1beta1/projects/{projectId}/androidApps/{appId}/sha

Add SHA Certificate

POST /firebase/v1beta1/projects/{projectId}/androidApps/{appId}/sha
Content-Type: application/json

{
  "shaHash": "1234567890ABCDEF1234567890ABCDEF12345678",
  "certType": "SHA_1"
}

Delete SHA Certificate

DELETE /firebase/v1beta1/projects/{projectId}/androidApps/{appId}/sha/{shaId}

iOS App Operations

List iOS Apps

GET /firebase/v1beta1/projects/{projectId}/iosApps

Get iOS App

GET /firebase/v1beta1/projects/{projectId}/iosApps/{appId}

Create iOS App

POST /firebase/v1beta1/projects/{projectId}/iosApps
Content-Type: application/json

{
  "displayName": "My iOS App",
  "bundleId": "com.example.myapp"
}

Update iOS App

PATCH /firebase/v1beta1/projects/{projectId}/iosApps/{appId}?updateMask=displayName
Content-Type: application/json

{
  "displayName": "Updated iOS App Name"
}

Get iOS App Config

Returns the GoogleService-Info.plist configuration.

GET /firebase/v1beta1/projects/{projectId}/iosApps/{appId}/config

Delete iOS App

POST /firebase/v1beta1/projects/{projectId}/iosApps/{appId}:remove
Content-Type: application/json

{
  "immediate": true
}

Google Analytics Operations

Get Analytics Details

GET /firebase/v1beta1/projects/{projectId}/analyticsDetails

Add Google Analytics

POST /firebase/v1beta1/projects/{projectId}:addGoogleAnalytics
Content-Type: application/json

{
  "analyticsAccountId": "123456789"
}

Remove Google Analytics

POST /firebase/v1beta1/projects/{projectId}:removeAnalytics
Content-Type: application/json

{
  "analyticsPropertyId": "properties/123456789"
}

Available Locations

List Available Locations

GET /firebase/v1beta1/projects/{projectId}/availableLocations

Pagination

Use pageSize and pageToken for pagination:

GET /firebase/v1beta1/projects?pageSize=10&pageToken={nextPageToken}

Response includes nextPageToken when more results exist:

{
  "results": [...],
  "nextPageToken": "..."
}

Code Examples

JavaScript

const response = await fetch(
  'https://gateway.maton.ai/firebase/v1beta1/projects',
  {
    headers: {
      'Authorization': `Bearer ${process.env.MATON_API_KEY}`
    }
  }
);
const data = await response.json();

Python

import os
import requests

response = requests.get(
    'https://gateway.maton.ai/firebase/v1beta1/projects',
    headers={'Authorization': f'Bearer {os.environ["MATON_API_KEY"]}'}
)
data = response.json()

Create a Web App

import os
import requests

response = requests.post(
    'https://gateway.maton.ai/firebase/v1beta1/projects/my-project/webApps',
    headers={
        'Authorization': f'Bearer {os.environ["MATON_API_KEY"]}',
        'Content-Type': 'application/json'
    },
    json={'displayName': 'My New Web App'}
)
data = response.json()

Notes

Project IDs are globally unique identifiers for Firebase projects
App IDs follow the format 1:PROJECT_NUMBER:PLATFORM:HASH
PATCH requests require an updateMask query parameter specifying which fields to update (e.g., ?updateMask=displayName)
Create operations are asynchronous and return an Operation object
Check operation status at /firebase/v1beta1/operations/{operationId}
Deleted apps can be restored within 30 days using the undelete endpoint
IMPORTANT: When using curl commands, use curl -g when URLs contain brackets to disable glob parsing
IMPORTANT: When piping curl output to jq or other commands, environment variables like $MATON_API_KEY may not expand correctly in some shell environments

Error Handling

Status	Meaning
400	Missing Firebase connection
401	Invalid or missing Maton API key
403	Insufficient permissions for the requested operation
404	Project or app not found
429	Rate limited
4xx/5xx	Passthrough error from Firebase API

Resources

Files

2 total

Select a file

Select a file to preview.

Comments

Loading comments…