API Rate Limiting

Implements API rate limiting strategies to prevent abuse and manage traffic effectively, ensuring optimal performance and security.

Security score: 0/100

The API Rate Limiting skill was audited on Mar 1, 2026 and we found 31 security issues across 1 threat category. Review the findings below before installing.

Security Issues

medium line 266

Template literal with variable interpolation in command context

Source: SKILL.md
266: throw new Error(`Rate limit rule ${name} not found`);
medium line 300

Template literal with variable interpolation in command context

Source: SKILL.md
300: keyGenerator: (context) => context.userId || `anonymous_${context.ipAddress}`,
medium line 334

Template literal with variable interpolation in command context

Source: SKILL.md
334: keyGenerator: (context) => context.userId || `anonymous_${context.ipAddress}`,
medium line 372

Template literal with variable interpolation in command context

Source: SKILL.md
372: throw new Error(`Rate limiting algorithm ${rule.algorithm} not found`);
medium line 417

Template literal with variable interpolation in command context

Source: SKILL.md
417: console.error(`Error checking rate limit for rule ${ruleName}:`, error);
medium line 443

Template literal with variable interpolation in command context

Source: SKILL.md
443: return context.userId || `anonymous_${context.ipAddress}`;
medium line 449

Template literal with variable interpolation in command context

Source: SKILL.md
449: return `${context.requestId}_${context.timestamp}`;
medium line 457

Template literal with variable interpolation in command context

Source: SKILL.md
457: const penaltyKey = `${key}_penalty`;
medium line 474

Template literal with variable interpolation in command context

Source: SKILL.md
474: console.log(`Applied rate limit penalty to ${key}: ${newPenalty} violations, duration: ${penaltyDuration}ms`);
medium line 537

Template literal with variable interpolation in command context

Source: SKILL.md
537: return `req_${Date.now()}_${Math.random().toString(36).substring(7)}`;
medium line 614

Template literal with variable interpolation in command context

Source: SKILL.md
614: const data = await this.redis.get(`bucket:${key}`);
medium line 619

Template literal with variable interpolation in command context

Source: SKILL.md
619: await this.redis.setex(`bucket:${key}`, Math.ceil(bucket.window / 1000), JSON.stringify(bucket));
medium line 623

Template literal with variable interpolation in command context

Source: SKILL.md
623: await this.redis.del(`bucket:${key}`);
medium line 627

Template literal with variable interpolation in command context

Source: SKILL.md
627: const requests = await this.redis.zrangebyscore(`requests:${key}`, since, '+inf');
medium line 632

Template literal with variable interpolation in command context

Source: SKILL.md
632: await this.redis.zadd(`requests:${key}`, timestamp, timestamp);
medium line 633

Template literal with variable interpolation in command context

Source: SKILL.md
633: await this.redis.expire(`requests:${key}`, 3600); // 1 hour expiry
medium line 637

Template literal with variable interpolation in command context

Source: SKILL.md
637: await this.redis.del(`requests:${key}`);
medium line 641

Template literal with variable interpolation in command context

Source: SKILL.md
641: const count = await this.redis.get(`window:${key}:${window}`);
medium line 646

Template literal with variable interpolation in command context

Source: SKILL.md
646: const count = await this.redis.incr(`window:${key}:${window}`);
medium line 647

Template literal with variable interpolation in command context

Source: SKILL.md
647: await this.redis.expire(`window:${key}:${window}`, Math.ceil(window / 1000) + 60);
medium line 651

Template literal with variable interpolation in command context

Source: SKILL.md
651: await this.redis.del(`window:${key}:*`);
medium line 655

Template literal with variable interpolation in command context

Source: SKILL.md
655: const data = await this.redis.get(`penalty:${key}`);
medium line 660

Template literal with variable interpolation in command context

Source: SKILL.md
660: await this.redis.setex(`penalty:${key}`, Math.ceil((penalty.expiresAt - Date.now()) / 1000), JSON.stringify(penalty));
medium line 664

Template literal with variable interpolation in command context

Source: SKILL.md
664: await this.redis.del(`penalty:${key}`);
medium line 703

Template literal with variable interpolation in command context

Source: SKILL.md
703: return this.windows.get(`${key}:${window}`) || 0;
medium line 707

Template literal with variable interpolation in command context

Source: SKILL.md
707: const current = this.windows.get(`${key}:${window}`) || 0;
medium line 708

Template literal with variable interpolation in command context

Source: SKILL.md
708: this.windows.set(`${key}:${window}`, current + 1);
medium line 714

Template literal with variable interpolation in command context

Source: SKILL.md
714: if (windowKey.startsWith(`${key}:`)) {
medium line 824

Template literal with variable interpolation in command context

Source: SKILL.md
824: message: `High block rate: ${(blockRate * 100).toFixed(2)}%`,
medium line 836

Template literal with variable interpolation in command context

Source: SKILL.md
836: message: `Excessive violations from ${topViolator.key}: ${topViolator.violations}`,
medium line 847

Template literal with variable interpolation in command context

Source: SKILL.md
847: message: `High average response time: ${this.metrics.averageResponseTime.toFixed(2)}ms`,
Scanned on Mar 1, 2026