api-rate-limiting
Implements API rate limiting using token bucket, sliding window, and Redis-based algorithms to protect against abuse. Use when securing public APIs, implementing tiered access, or preventing denial-of-service attacks.
Install with Tessl CLI
npx tessl i github:secondsky/claude-skills --skill api-rate-limitingOverall
score
89%
Does it follow best practices?
If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:
npx tessl skill review --optimize ./path/to/skillValidation for skill structure
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an excellent skill description that clearly articulates specific rate limiting algorithms and implementation approaches while providing explicit 'Use when' guidance with natural trigger terms. It uses proper third-person voice and covers both technical implementation details and practical use cases, making it highly distinguishable from other API or security-related skills.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'token bucket, sliding window, and Redis-based algorithms' and specific purposes like 'protect against abuse', 'securing public APIs', 'implementing tiered access', 'preventing denial-of-service attacks'. | 3 / 3 |
Completeness | Clearly answers both what ('Implements API rate limiting using token bucket, sliding window, and Redis-based algorithms') and when ('Use when securing public APIs, implementing tiered access, or preventing denial-of-service attacks') with explicit trigger guidance. | 3 / 3 |
Trigger Term Quality | Includes natural keywords users would say: 'rate limiting', 'token bucket', 'sliding window', 'Redis', 'public APIs', 'tiered access', 'denial-of-service attacks', 'abuse'. These cover both technical terms and problem-oriented language. | 3 / 3 |
Distinctiveness Conflict Risk | Highly specific niche focused on rate limiting algorithms with distinct triggers like 'token bucket', 'sliding window', 'Redis-based', and 'denial-of-service'. Unlikely to conflict with general API or security skills. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
79%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a solid, concise skill with excellent executable code examples for rate limiting. The main weaknesses are the lack of workflow guidance for implementation decisions and missing details on the Redis-based approach mentioned in best practices. The skill would benefit from clearer decision criteria and validation steps.
Suggestions
Add a decision workflow: 'Choose Token Bucket for burst tolerance, Sliding Window for strict accuracy, Fixed Window for simplicity'
Include Redis-based implementation example since it's recommended for distributed systems but only mentioned in best practices
Add validation steps: how to test rate limiting is working correctly (e.g., curl commands to verify 429 responses)
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | Content is lean and efficient with no unnecessary explanations. Tables, code examples, and bullet points convey information without padding or explaining concepts Claude already knows. | 3 / 3 |
Actionability | Provides fully executable code for both custom TokenBucket implementation and Express middleware. Code is copy-paste ready with clear configuration values and proper imports. | 3 / 3 |
Workflow Clarity | Presents algorithms and implementations but lacks a clear workflow for choosing between approaches or validation steps. No guidance on testing the rate limiter works correctly or handling edge cases during implementation. | 2 / 3 |
Progressive Disclosure | Content is well-organized with clear sections, but Redis-based distributed rate limiting is mentioned in best practices without implementation details or reference to where to find them. Could benefit from linking to advanced patterns. | 2 / 3 |
Total | 10 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 13 / 16 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
metadata_version | 'metadata' field is not a dictionary | Warning |
license_field | 'license' field is missing | Warning |
body_steps | No step-by-step structure detected (no ordered list); consider adding a simple workflow | Warning |
Total | 13 / 16 Passed | |
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.