ai.smithery/CryptoCultCurt-appfolio-mcp-server

7.0

Provide seamless access to Appfolio Property Manager Reporting API through a standardized MCP serv…

streamable-httpai-ml developer-tools cloud finance analytics

Installation

Claude Desktop config (remote)

{
  "mcpServers": {
    "ai-smithery-cryptocultcurt-appfolio-mcp-server": {
      "type": "streamable-http",
      "url": "https://server.smithery.ai/@CryptoCultCurt/appfolio-mcp-server/mcp"
    }
  }
}

Cursor config

{
  "mcpServers": {
    "ai-smithery-cryptocultcurt-appfolio-mcp-server": {
      "url": "https://server.smithery.ai/@CryptoCultCurt/appfolio-mcp-server/mcp"
    }
  }
}

Security Report

Score Breakdown

Description10

Permissions10

Behavior4

Stability--

Findings (6)

high

vague-description

Incomplete and Truncated Description

The server description is cut off mid-sentence ('...through a standardized MCP serv…'), making it impossible to fully understand the server's purpose, scope, and capabilities.

high

network-access

Remote HTTP Endpoint Without Visible Authentication

Server uses streamable-http transport with a remote URL (https://server.smithery.ai/...), meaning it accepts connections from the internet. No authentication mechanism is documented.

medium

excessive-scope

Broad API Access Claims

Server claims to provide 'seamless access' to Appfolio Property Manager Reporting API. Without tool definitions visible, the actual scope and constraints of this access cannot be verified.

medium

vague-description

No Tools or Resources Defined

Server reports 0 tools and no resources. Either the server is non-functional, or tool definitions were not fetched. This prevents security analysis of actual capabilities.

low

info

Positive Trust Signal: Repository Available

Server has an associated GitHub repository, allowing for source code review and transparency.

info

vague-description

Semantic Analysis Summary

This server presents moderate security concerns due to its remote HTTP endpoint without documented authentication, truncated description preventing full scope assessment, and unavailable tool definitions. While the presence of a GitHub repository is a positive trust signal, the inability to verify actual capabilities and the internet-exposed endpoint warrant caution. Recommend reviewing the source code and obtaining complete tool definitions before deployment.

Last scanned 1h ago

Details

Version: 1.0.1
Transport: streamable-http
Capabilities
Repository: CryptoCultCurt/appfolio-mcp-server