首页龙虾技能列表 › Rate Limiting

Rate Limiting

v1.0.0

Deep rate limiting workflow—identifying actors and resources, choosing algorithms, distributed vs local limits, client UX (headers, retries), and abuse detec...

0· 101·0 当前·0 累计
by @codekungfu (ClawKK)·MIT-0
下载技能包
License
MIT-0
最后更新
2026/3/25
安全扫描
VirusTotal
无害
查看报告
OpenClaw
安全
high confidence
This is an instruction-only design/workflow guide for rate limiting; its requirements and instructions are coherent with its stated purpose and it does not request credentials, install software, or perform I/O.
评估建议
This skill is a low-risk, instruction-only design guide for rate limiting. It does not install software or ask for credentials. You should: (1) confirm the content aligns with your organization's policies and tech stack before applying changes, (2) test any recommended algorithms/configs in a staging environment, and (3) consider the author/source trustworthiness (no homepage provided) if you require provenance for compliance or internal policy reasons.
详细分析 ▾
用途与能力
Name and description match the SKILL.md content: a multi-stage rate-limiting design workflow. The skill requests no binaries, env vars, or config paths, which is appropriate for a guidance-only skill.
指令范围
Runtime instructions are purely advisory (six-stage workflow, checklists, tips). They do not instruct the agent to read files, access secrets, contact external endpoints, or execute commands—staying within the stated purpose.
安装机制
No install spec and no code files are present (instruction-only). That minimizes disk writes and execution risk and is appropriate for a documentation-style skill.
凭证需求
The skill requests no environment variables, credentials, or config paths. Mentions of technologies (Redis, CDNs, headers) are contextual only and do not imply access to those systems.
持久化与权限
always is false and the skill does not request elevated or persistent privileges. Autonomous model invocation is allowed by platform default but this skill's instruction-only nature limits what it can do.
安全有层次,运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发,无需署名。

运行时依赖

无特殊依赖

版本

latestv1.0.02026/3/25

- Initial release of the "rate-limiting" workflow skill. - Guides users through a deep, 6-stage process: threat & fairness modeling, key/dimension selection, algorithm choice, distributed enforcement, client experience, and observability. - Designed for protecting APIs, gateways, and multi-tenant SaaS workloads. - Includes best practices, example policies, review checklists, and advice for handling common deviations.

● 无害

安装命令 点击复制

官方npx clawhub@latest install rate-limiting
镜像加速npx clawhub@latest install rate-limiting --registry https://cn.clawhub-mirror.com

技能文档

Rate limits balance fairness, availability, and abuse prevention. Design explicitly: who is throttled, what resource is limited, and how clients should back off.

When to Offer This Workflow

Trigger conditions:

  • Protecting public APIs, auth endpoints, or expensive operations
  • Multi-tenant “noisy neighbor” isolation
  • Retry storms after incidents causing cascading 429/502

Initial offer:

Use six stages: (1) threat & fairness model, (2) dimensions & keys, (3) algorithms & config, (4) distributed enforcement, (5) client protocol & UX, (6) observability & tuning). Confirm enforcement layer (API gateway vs app middleware vs edge).

Stage 1: Threat & Fairness Model

Goal: Distinguish legitimate bursts (batch jobs, mobile retries) from abuse; align limits with product tiers and SLAs.

Exit condition: Written policy: free vs paid limits, partner caps, burst allowances.

Stage 2: Dimensions & Keys

Goal: Choose stable limit keys: authenticated user id > API key > IP (with shared-NAT caveats).

Practices

  • Per-tenant and global limits; separate expensive routes (exports, search)

Stage 3: Algorithms & Config

Goal: Token bucket / leaky bucket for smooth bursts; sliding window for strict per-minute caps; consider concurrency limits separately from request rate.

Stage 4: Distributed Enforcement

Goal: Central store (Redis, etc.) with atomic increments; handle multi-region (sticky routing vs shared counters); mind clock skew.

Stage 5: Client Protocol & UX

Goal: Consistent 429 responses with Retry-After; document exponential backoff + jitter; optional X-RateLimit-* headers for transparency.

Stage 6: Observability & Tuning

Goal: Metrics on throttles by route and actor class; alerts on abnormal deny spikes (attack vs misconfigured client).

Final Review Checklist

  • [ ] Policy matches tiers and fairness goals
  • [ ] Limit keys stable and hard to spoof
  • [ ] Algorithm matches burst vs sustained semantics
  • [ ] Distributed correctness considered
  • [ ] Client-facing 429 behavior documented
  • [ ] Metrics and tuning loop defined

Tips for Effective Guidance

  • Coordinate with authentication—anonymous IP limits are coarse.
  • Don’t throttle health checks in ways that break monitors.
  • GraphQL: consider query cost / depth limits, not only HTTP count.
  • WebSockets: separate connection caps from message rate limits.

Handling Deviations

  • Edge/CDN: limits may differ from origin—document both layers.
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制

免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制

了解定制服务