Model Context Protocol moderate risk

Firebase

Firebase MCP enables AI assistants to interact with Firebase services like Firestore, Storage, and Authentication, offering read/write capabilities with service account credentials.

Connections & Capabilities

Connects To

GitHub

Capabilities

readwriteexecadmin

Quickstart

Install

npm install -g firebase-tools

Config

{
  "firebase-mcp": {
    "command": "npx",
    "args": [
      "-y",
      "@gannonh/firebase-mcp"
    ],
    "env": {
      "SERVICE_ACCOUNT_KEY_PATH": "/absolute/path/to/serviceAccountKey.json",
      "FIREBASE_STORAGE_BUCKET": "your-project-id.firebasestorage.app"
    }
  }
}

Exposed MCP Tools (12)

moderate

firestore_add_document

Adds a new document to a specified Firestore collection.

Adds data to Firestore, potentially altering the database state.

safe

firestore_list_documents

Lists documents within a Firestore collection, with potential filtering.

Read-only operation; retrieves data without modification.

safe

firestore_get_document

Retrieves a specific document from a Firestore collection by its ID.

Read-only operation; retrieves data without modification.

high

firestore_update_document

Updates an existing document in a Firestore collection.

Modifies existing data in Firestore, potentially causing data inconsistencies.

critical

firestore_delete_document

Deletes a document from a Firestore collection.

Irreversibly removes data from Firestore.

safe

firestore_list_collections

Lists all root collections in the Firestore database.

Read-only operation; retrieves a list of collection names.

safe

firestore_query_collection_group

Queries across all subcollections with the same ID.

Read-only operation; retrieves data without modification.

safe

storage_list_files

Lists files within a specified directory in Firebase Storage.

Read-only operation; retrieves a list of files.

safe

storage_get_file_info

Retrieves metadata and a download URL for a specific file in Firebase Storage.

Read-only operation; retrieves file information.

moderate

storage_upload

Uploads a file to Firebase Storage from provided content.

Adds a new file to storage, potentially consuming resources.

moderate

storage_upload_from_url

Uploads a file to Firebase Storage from a given URL.

Adds a new file to storage, potentially consuming resources and network bandwidth.

safe

auth_get_user

Retrieves user information from Firebase Authentication by ID or email.

Read-only operation; retrieves user data without modification.

Safety Assessment

Firebase MCP offers powerful tools for interacting with Firebase services, but its safety depends heavily on the secure management of the service account key. It is safe when used in controlled environments with well-defined access policies, but risky if the service account key is exposed or used without proper authorization controls.

Requires service account credentials, limiting unauthorized access.
Provides tools for managing user authentication.
Offers file management capabilities with storage.
Includes file logging for debugging purposes.

Service account key path must be securely managed to prevent unauthorized access.
Potential for data modification or deletion via Firestore tools.
Direct access to Firebase services without sandboxing.
Exposure of Firebase project data if service account is compromised.
Lack of built-in RBAC within the MCP server itself.

Client Compatibility

Claude Desktopfull

Cursorfull

Windsurfuntested

VS Code (Copilot)full

Security Notes

Compromised service account key could lead to unauthorized data access or modification.
Lack of input validation could lead to injection attacks against Firestore.
Overly permissive service account permissions could grant excessive access to Firebase services.
Erroneous Zod validation error with `firestore_list_collections` may cause confusion, though functionality is unaffected.
Potential for unintended data deletion if `firestore_delete_document` is used carelessly.

Best For

Developers building AI-powered applications that interact with Firebase.
Teams that need to automate tasks involving Firebase services.
Projects that require a flexible and scalable backend.
Scenarios where AI assistants need to read and write data to Firebase.