Skip to content

スキルを検索.../

Agent Skill Search Engine

検索

検索
カテゴリ
職業

About

About
Privacy
Terms

© 2026 Skills Pool. All rights reserved.

Firestore Rules Audit | Skills Pool

Skill ファイル

Firestore Rules Audit

Audit skill for Firestore security rules. Validates that rules match business logic, enforce LGPD compliance, and protect clinical data across all NEXUS collections.

JoaoBiomed0 スター2026/02/19

職業
カテゴリ: スマートコントラクト

スキル内容

Firestore Security Rules Audit

When auditing Firestore security rules, validate each collection against this checklist:

1. Authentication Gate

Every collection requires request.auth != null
No public read/write access on any clinical data
Auth token validation is present (not just auth != null)

2. Collection-Specific Rules

patients/

Read: authenticated professionals only
Write: authenticated professionals only
Delete: admin only (or disabled — archive preferred over delete for LGPD)

関連 Skill

クイックインストール

Firestore Rules Audit

npx skillvault add JoaoBiomed/joaobiomed-nexusecosystem-nexus-app-claude-skills-firestore-rules-audit-skill-md

Skill をダウンロードリポジトリを開く

作者: JoaoBiomed
スター: 0
更新日: 2026/02/19
職業

このページの内容

01Firestore Security Rules Audit

Fields: consent, nexusId, status must be present on create

protocols/

Read: creator + assigned professional + admin
Write: creator + admin (no modification after APPROVED status)
sha256Hash field must be present on create
Status transitions validated (DRAFT → PENDING → APPROVED → ACTIVE → COMPLETED)

audit_logs/

Read: admin only
Create: authenticated professionals only
Update: DENIED (immutable)
Delete: DENIED (immutable)

sample_queue/

Read: authenticated professionals only
Write: authenticated professionals only
Status transitions validated (WAITING → IN_ADMISSION → ADMITTED → IN_COLLECTION → COLLECTED → DISPATCHED)

sample_compliance/ + sample_inventory/

Read: authenticated professionals only
Write: authenticated professionals only
Delete: validated (compliance: admin only; inventory: qty=0 only)

stock/

Read: authenticated professionals
Write: authorized pharmacists only (role check)

rateLimits/

Read: admin only
Write: admin only (or Cloud Functions service account)

medications/ + labResults/ + endoinjectSessions/ + bodyScanRecords/ + lifestyleRecords/

Read: authenticated professionals only
Write: authenticated professionals only

3. LGPD Compliance

Patient data cannot be bulk-exported (no list without filters)
Deletion rules support right-to-be-forgotten (archive workflow)
No cross-tenant data leakage (clinicId isolation if multi-tenant)

4. Rate Limiting

Public endpoints have rate limiting via rateLimits collection
Cloud Functions check rate limits before processing

5. Index Validation

All composite queries have matching Firestore indexes
No unnecessary indexes (cost optimization)

Output Format

For each finding:

Collection: Which collection
Rule: Current rule
Issue: What's wrong
Risk: LGPD / ANVISA / Security impact
Fix: Corrected rule with code example

02

1. Authentication Gate

032. Collection-Specific Rules

08samplecompliance/ + sampleinventory/

情報セキュリティアナリスト

スマートコントラクト

Defi Amm Security

Security checklist for Solidity AMM contracts, liquidity pools, and swap flows. Covers reentrancy, CEI ordering, donation or inflation attacks, oracle manipulation, slippage, admin controls, and integer math.

スマートコントラクト

Nodejs Keccak256

Prevent Ethereum hashing bugs in JavaScript and TypeScript. Node's sha3-256 is NIST SHA3, not Ethereum Keccak-256, and silently breaks selectors, signatures, storage slots, and address derivation.

スマートコントラクト

Syncable Entity Builder And Validation

Create validation logic and migration action builders for syncable entities in Twenty. Use when implementing business rule validation, uniqueness checks, foreign key validation, or building workspace migration actions for syncable entities. Validators never throw and never mutate.

Nft Standards

Implement NFT standards (ERC-721, ERC-1155) with proper metadata handling, minting strategies, and marketplace integration. Use when creating NFT contracts, building NFT marketplaces, or implementing digital asset systems.

Solidity Security

Master smart contract security best practices to prevent common vulnerabilities and implement secure Solidity patterns. Use when writing smart contracts, auditing existing contracts, or implementing security measures for blockchain applications.

Defi Protocol Templates

Implement DeFi protocols with production-ready templates for staking, AMMs, governance, and lending systems. Use when building decentralized finance applications or smart contract protocols.

情報セキュリティアナリスト