Skip to main content

appfolio-hello-world

Facilitates querying AppFolio properties, units, and tenants through its REST API for efficient property management.

Install this skill

or
43/100

Security score

The appfolio-hello-world skill was audited on May 19, 2026 and we found 17 security issues across 4 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 40

Template literal with variable interpolation in command context

SourceSKILL.md
40`${process.env.APPFOLIO_CLIENT_ID}:${process.env.APPFOLIO_CLIENT_SECRET}`
medium line 42

Template literal with variable interpolation in command context

SourceSKILL.md
42const res = await fetch(`${APPFOLIO_BASE}${path}`, {
medium line 43

Template literal with variable interpolation in command context

SourceSKILL.md
43headers: { Authorization: `Basic ${credentials}`, Accept: "application/json" },
medium line 45

Template literal with variable interpolation in command context

SourceSKILL.md
45if (!res.ok) throw new Error(`AppFolio ${res.status}: ${await res.text()}`);
medium line 54

Template literal with variable interpolation in command context

SourceSKILL.md
54console.log(`Found ${properties.length} properties`);
medium line 55

Template literal with variable interpolation in command context

SourceSKILL.md
55properties.forEach((p: any) => console.log(` ${p.id}: ${p.address_line1}, ${p.city}`));
medium line 61

Template literal with variable interpolation in command context

SourceSKILL.md
61const tenants = await appfolioFetch(`/tenants?property_id=${properties[0].id}`);
medium line 62

Template literal with variable interpolation in command context

SourceSKILL.md
62tenants.forEach((t: any) => console.log(` ${t.name} — Unit ${t.unit_number}`));
medium line 68

Template literal with variable interpolation in command context

SourceSKILL.md
68const workOrder = await fetch(`${APPFOLIO_BASE}/work_orders`, {
medium line 71

Template literal with variable interpolation in command context

SourceSKILL.md
71Authorization: `Basic ${Buffer.from(`${process.env.APPFOLIO_CLIENT_ID}:${process.env.APPFOLIO_CLIENT_SECRET}`).toString("base64")}`,
low line 53

Fetch to external URL

SourceSKILL.md
53const properties = await appfolioFetch("/properties?page_size=10");
low line 36

Access to .env file

SourceSKILL.md
36const APPFOLIO_BASE = process.env.APPFOLIO_BASE_URL || "https://yourcompany.appfolio.com/api/v1";
low line 40

Access to .env file

SourceSKILL.md
40`${process.env.APPFOLIO_CLIENT_ID}:${process.env.APPFOLIO_CLIENT_SECRET}`
low line 71

Access to .env file

SourceSKILL.md
71Authorization: `Basic ${Buffer.from(`${process.env.APPFOLIO_CLIENT_ID}:${process.env.APPFOLIO_CLIENT_SECRET}`).toString("base64")}`,
low line 36

External URL reference

SourceSKILL.md
36const APPFOLIO_BASE = process.env.APPFOLIO_BASE_URL || "https://yourcompany.appfolio.com/api/v1";
low line 99

External URL reference

SourceSKILL.md
99- [AppFolio Stack APIs](https://www.appfolio.com/stack/partners/api)
low line 100

External URL reference

SourceSKILL.md
100- [AppFolio Engineering Blog](https://engineering.appfolio.com)
Scanned on May 19, 2026
View Security Dashboard
Installation guide →
GitHub Stars 2.2K
Rate this skill
Categoryreal estate
UpdatedJune 10, 2026
claude-codeapireal-estate-agentproperty-managerreal-estate-analystreal estate
jeremylongshore/claude-code-plugins-plus-skills