Skip to main content

loop-breaker

Scaffolds middleware to prevent infinite recursion and runaway loops in serverless Workers, protecting against costly billing impacts.

Install this skill

or
46/100

Security score

The loop-breaker skill was audited on Feb 12, 2026 and we found 14 security issues across 4 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 49

Template literal with variable interpolation in command context

SourceSKILL.md
49console.error(`Recursion limit exceeded: depth=${currentDepth}, limit=${maxDepth}`);
medium line 58

Template literal with variable interpolation in command context

SourceSKILL.md
58message: `Recursion depth ${currentDepth} exceeds limit ${maxDepth}`,
medium line 174

Template literal with variable interpolation in command context

SourceSKILL.md
174super(`Recursion limit exceeded: ${ctx.depth} > ${ctx.maxDepth}`);
medium line 181

Template literal with variable interpolation in command context

SourceSKILL.md
181super(`Recursion cycle detected: ${worker} in chain [${chain.join(' -> ')}]`);
medium line 215

Template literal with variable interpolation in command context

SourceSKILL.md
215const key = `${keyPrefix}${messageId}`;
medium line 243

Template literal with variable interpolation in command context

SourceSKILL.md
243console.log(`Skipping duplicate message: ${msg.id}`);
medium line 253

Template literal with variable interpolation in command context

SourceSKILL.md
253console.error(`Failed to process message ${msg.id}:`, error);
medium line 387

Template literal with variable interpolation in command context

SourceSKILL.md
387.prepare(`SELECT * FROM users WHERE id IN (${placeholders})`)
low line 106

Fetch to external URL

SourceSKILL.md
106const response = await fetch('https://other-worker.example.com/process', {
medium line 3

Webhook reference - potential data exfiltration

SourceSKILL.md
3description: Scaffold middleware to detect and block Worker self-recursion, infinite fetch chains, and runaway loops. Use this skill when designing Workers that call other Workers, implement webhooks,
low line 102

Webhook reference - potential data exfiltration

SourceSKILL.md
102app.post('/webhook', async (c) => {
medium line 464

Webhook reference - potential data exfiltration

SourceSKILL.md
464| Webhook → same Worker | Recursive billing | Add depth limit |
low line 194

Access to .env file

SourceSKILL.md
194const result = await c.env.DATA_SERVICE.fetchUser(userId, ctx);
low line 106

External URL reference

SourceSKILL.md
106const response = await fetch('https://other-worker.example.com/process', {
Scanned on Feb 12, 2026
View Security Dashboard
Installation guide →
GitHub Stars 106
Rate this skill
Categorydevelopment
UpdatedMay 21, 2026
openclawbackendbackend-developerdevops-sreproduct-managerdevelopmentproduct
majiayu000/claude-skill-registry