rate-limiting-implementation

Implements rate limiting and throttling mechanisms to protect APIs from abuse and ensure fair resource usage.

Security score: 17/100

The rate-limiting-implementation skill was audited on Feb 12, 2026 and we found 17 security issues across 2 threat categories, including 1 high-severity. Review the findings below before installing.

Security Issues

high: Eval function call - arbitrary code execution (1 finding)
  SKILL.md, line 200:  const result = await this.redis.eval(

medium: Template literal with variable interpolation in command context (13 findings)
  SKILL.md, line 127:  console.log(`Rate limited. Retry after ${waitTime}ms`);
  SKILL.md, line 160:  const windowKey = `ratelimit:${key}`;
  SKILL.md, line 161:  const blockKey = `ratelimit:block:${key}`;
  SKILL.md, line 227:  await this.redis.del(`ratelimit:${key}`, `ratelimit:block:${key}`);
  SKILL.md, line 231:  const current = await this.redis.get(`ratelimit:${key}`);
  SKILL.md, line 243:  `user:${userId}`,
  SKILL.md, line 253:  throw new Error(`Rate limit exceeded. Retry after ${result.retryAfter}s`);
  SKILL.md, line 307:  message: `Rate limit exceeded. Retry after ${result.retryAfter} seconds.`,
  SKILL.md, line 358:  keyGenerator: (req) => `search:${req.ip}`,
  SKILL.md, line 366:  keyGenerator: (req) => `user:${req.user?.id || req.ip}`
  SKILL.md, line 544:  `${userId}:minute`,
  SKILL.md, line 550:  `${userId}:hour`,
  SKILL.md, line 556:  `${userId}:day`,

low: External URL reference (3 findings)
  SKILL.md, line 689:  - [IETF Rate Limit Headers](https://datatracker.ietf.org/doc/draft-ietf-httpapi-ratelimit-headers/)
  SKILL.md, line 690:  - [Redis Rate Limiting Patterns](https://redis.io/docs/manual/patterns/rate-limiter/)
  SKILL.md, line 691:  - [Token Bucket Algorithm](https://en.wikipedia.org/wiki/Token_bucket)

Scanned on Feb 12, 2026
GitHub stars: 55
Category: development
Updated: May 21, 2026
Source feed: NeverSight/skills_feed