api-rate-limiting

Implements API rate limiting using token bucket, sliding window, and Redis-based algorithms to protect against abuse. Use when securing public APIs, implementing tiered access, or preventing denial-of-service attacks.

60

Quality

68%

Does it follow best practices?

Impact

No eval scenarios have been run

Security by Snyk

Passed

No known issues

Fix and improve this skill with Tessl

tessl review fix ./plugins/api-rate-limiting/skills/api-rate-limiting/SKILL.md

Quality

Content

37%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The skill provides some useful executable code (TokenBucket class, Express middleware) but fails to deliver on key promises from its description—Redis-based algorithms and sliding window implementations are mentioned but not provided. The workflow is fragmented with no integration guidance or validation steps, and the best practices section adds little value beyond what Claude already knows.

Suggestions

Add a concrete Redis-based rate limiting implementation since it's called out in the skill description and best practices but has no code

Include a workflow section showing how to integrate rate limiting into an existing API: setup steps, testing/validation (e.g., curl commands to verify 429 responses), and monitoring

Remove or significantly trim the 'Best Practices' bullet list—these are generic tips Claude already knows—and replace with a concrete example of tiered limit implementation

Add a sliding window implementation or remove it from the algorithm comparison table to avoid promising content that isn't delivered

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The algorithm comparison table and tiered limits table are useful and concise, but the 'Best Practices' section is a list of generic advice Claude already knows. The express-rate-limit example is somewhat redundant given Claude's familiarity with common npm packages. Response headers section is informational but not particularly novel. | 2 / 3 |
| Actionability | The TokenBucket class is executable and complete, and the Express middleware example is copy-paste ready. However, the sliding window algorithm mentioned in the comparison table has no implementation, Redis-based distributed rate limiting (mentioned in the description) has no concrete code, and the tiered limits section is just a table with no implementation showing how to apply different tiers. | 2 / 3 |
| Workflow Clarity | There is no workflow or sequencing for implementing rate limiting end-to-end. The skill presents isolated code snippets without explaining how to integrate them, test them, or validate that rate limiting is working correctly. No validation steps, no error recovery, and no guidance on how to verify the implementation under load. | 1 / 3 |
| Progressive Disclosure | The content is reasonably structured with clear section headers and a logical flow from algorithms to implementation to best practices. However, there are no references to external files for deeper topics like Redis-based distributed limiting or load testing, and the content is somewhat monolithic for the breadth of topics it tries to cover. | 2 / 3 |
| Total | | 7 / 12 |

Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a strong skill description that clearly communicates specific capabilities (rate limiting algorithms), uses natural trigger terms developers would search for, and includes an explicit 'Use when' clause with well-defined scenarios. It is concise, uses third-person voice correctly, and occupies a distinct niche that minimizes conflict with other skills.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Lists multiple specific concrete actions and algorithms: 'token bucket, sliding window, and Redis-based algorithms' along with specific purposes like 'protect against abuse', 'securing public APIs', 'implementing tiered access', and 'preventing denial-of-service attacks'. | 3 / 3 |
| Completeness | Clearly answers both 'what' (implements API rate limiting using specific algorithms) and 'when' (explicit 'Use when' clause covering securing public APIs, implementing tiered access, or preventing DoS attacks). | 3 / 3 |
| Trigger Term Quality | Includes strong natural keywords users would say: 'rate limiting', 'token bucket', 'sliding window', 'Redis', 'public APIs', 'tiered access', 'denial-of-service', and 'abuse'. These cover both high-level concepts and specific algorithm names a developer would mention. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive with a clear niche around API rate limiting with specific algorithm names (token bucket, sliding window, Redis-based). Unlikely to conflict with general API or security skills due to the specificity of the domain and trigger terms. | 3 / 3 |
| Total | | 12 / 12 |

Passed

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository
secondsky/claude-skills
Reviewed
