appfolio-prod-checklist

Ensures production readiness for AppFolio integrations with a comprehensive checklist covering compliance, error handling, and monitoring.

Install this skill

or

52/100

Security score

The appfolio-prod-checklist skill was audited on May 19, 2026 and we found 16 security issues across 4 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 68

Template literal with variable interpolation in command context

SourceSKILL.md

68	const res = await fetch(`${baseUrl}/properties?limit=1`, {

medium line 69

Template literal with variable interpolation in command context

SourceSKILL.md

69	headers: { Authorization: `Bearer ${process.env.APPFOLIO_API_KEY}` },

medium line 71

Template literal with variable interpolation in command context

SourceSKILL.md

71	checks.push({ name: 'API Connectivity', pass: res.ok, detail: res.ok ? 'Connected' : `HTTP ${res.status}` });

medium line 77

Template literal with variable interpolation in command context

SourceSKILL.md

77	const res = await fetch(`${baseUrl}/work_orders?limit=1`, {

medium line 78

Template literal with variable interpolation in command context

SourceSKILL.md

78	headers: { Authorization: `Bearer ${process.env.APPFOLIO_API_KEY}` },

medium line 80

Template literal with variable interpolation in command context

SourceSKILL.md

80	checks.push({ name: 'Work Orders', pass: res.ok, detail: res.ok ? 'Accessible' : `HTTP ${res.status}` });

medium line 82

Template literal with variable interpolation in command context

SourceSKILL.md

82	for (const c of checks) console.log(`[${c.pass ? 'PASS' : 'FAIL'}] ${c.name}: ${c.detail}`);

medium line 40

Webhook reference - potential data exfiltration

SourceSKILL.md

40	- [ ] Webhook endpoints configured for tenant and payment events

low line 65

Access to .env file

SourceSKILL.md

65	const baseUrl = process.env.APPFOLIO_BASE_URL \|\| 'https://api.appfolio.com/v1';

low line 69

Access to .env file

SourceSKILL.md

69	headers: { Authorization: `Bearer ${process.env.APPFOLIO_API_KEY}` },

low line 74

Access to .env file

SourceSKILL.md

74	checks.push({ name: 'API Key Set', pass: !!process.env.APPFOLIO_API_KEY, detail: process.env.APPFOLIO_API_KEY ? 'Present' : 'MISSING' });

low line 78

Access to .env file

SourceSKILL.md

78	headers: { Authorization: `Bearer ${process.env.APPFOLIO_API_KEY}` },

low line 35

External URL reference

SourceSKILL.md

35	- [ ] Production base URL configured (`https://api.appfolio.com/v1`)

low line 65

External URL reference

SourceSKILL.md

65	const baseUrl = process.env.APPFOLIO_BASE_URL \|\| 'https://api.appfolio.com/v1';

low line 99

External URL reference

SourceSKILL.md

99	- [AppFolio Stack APIs](https://www.appfolio.com/stack/partners/api)

low line 100

External URL reference

SourceSKILL.md

100	- [AppFolio Engineering Blog](https://engineering.appfolio.com)

Scanned on May 19, 2026

View Security Dashboard

Installation guide →

GitHub Stars 2.2K

Rate this skill

Categoryreal estate

UpdatedJune 10, 2026

claude-code api property-manager real-estate-agent business-development real estate sales

jeremylongshore/claude-code-plugins-plus-skills