appfolio-security-basics

Enhances security for AppFolio API by managing credentials, validating webhooks, and protecting tenant data.

Install this skill

or

67/100

Security score

The appfolio-security-basics skill was audited on May 23, 2026 and we found 13 security issues across 3 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 23

Webhook reference - potential data exfiltration

SourceSKILL.md

23	AppFolio manages property portfolios containing tenant PII (SSNs, bank accounts, lease terms), owner financial data, and maintenance vendor records. A breach exposes rent rolls, payment histories, and

medium line 46

Webhook reference - potential data exfiltration

SourceSKILL.md

46	## Webhook Signature Verification

low line 51

Webhook reference - potential data exfiltration

SourceSKILL.md

51	function verifyAppFolioWebhook(req: Request, res: Response, next: NextFunction): void {

low line 53

Webhook reference - potential data exfiltration

SourceSKILL.md

53	const secret = process.env.APPFOLIO_WEBHOOK_SECRET!;

medium line 101

Webhook reference - potential data exfiltration

SourceSKILL.md

101	- [ ] Webhook signatures verified on every inbound request

medium line 112

Webhook reference - potential data exfiltration

SourceSKILL.md

112	\| Unvalidated webhook payloads \| Spoofed tenant updates \| HMAC signature verification \|

low line 32

Access to .env file

SourceSKILL.md

32	const clientId = process.env.APPFOLIO_CLIENT_ID;

low line 33

Access to .env file

SourceSKILL.md

33	const clientSecret = process.env.APPFOLIO_CLIENT_SECRET;

low line 34

Access to .env file

SourceSKILL.md

34	const baseUrl = process.env.APPFOLIO_BASE_URL;

low line 53

Access to .env file

SourceSKILL.md

53	const secret = process.env.APPFOLIO_WEBHOOK_SECRET!;

medium line 98

Access to .env file

SourceSKILL.md

98	- [ ] API credentials stored in secrets manager, not `.env` in production

low line 119

External URL reference

SourceSKILL.md

119	- [AppFolio Stack APIs](https://www.appfolio.com/stack/partners/api)

low line 120

External URL reference

SourceSKILL.md

120	- [OWASP API Security Top 10](https://owasp.org/www-project-api-security/)

Scanned on May 23, 2026

View Security Dashboard

Installation guide →

GitHub Stars 2.2K

Rate this skill

Categoryreal estate

UpdatedJune 10, 2026

claude claude-code frontend design stripe docx api mobile real-estate-agent property-manager security-engineer data-analyst compliance-officer real estate development data analytics legal

jeremylongshore/claude-code-plugins-plus-skills