resource-exhaustion_skill

This skill helps identify and mitigate resource exhaustion and DoS risks in AI-generated code by applying rate limits, quotas, and secure processing.
  • JavaScript

4

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill harperaa/secure-claude-skills --skill resource-exhaustion

  • SKILL.md21.8 KB

Overview

This skill teaches how to find, understand, and mitigate resource exhaustion and denial-of-service (DoS) vulnerabilities in AI-generated JavaScript code. It focuses on common failure modes like unbounded loops, missing rate limits, unchecked uploads, and expensive API usage. You’ll get practical controls, patterns, and code-level defenses to prevent crashes and runaway costs.

How this skill works

The skill inspects typical AI-generated patterns and highlights where functionality-first code can exhaust CPU, memory, network, or API budget. It explains concrete mitigations: input validation, size/time limits, rate limiting, job queues, whitelists, and fail-safe timeouts. Code snippets and configuration examples show how to apply limits and replace dangerous patterns with controlled implementations.

When to use it

  • When reviewing AI-generated endpoints that process files, images, or large payloads
  • When designing features that call costly third-party AI APIs
  • When hardening upload, batch-processing, or recursive code paths against abuse
  • When implementing rate limiting, queuing, or concurrency controls
  • When assessing production cost risk from unbounded user input

Best practices

  • Validate and whitelist inputs: URLs, file types, operation names, and sizes before processing
  • Set strict resource limits: max file size, max dimensions, max operations, timeouts, and concurrency caps
  • Use rate limiting and per-user quotas to prevent mass abuse and API cost spikes
  • Queue expensive jobs and limit concurrent workers; return job IDs instead of processing synchronously
  • Apply defensive timeouts and abort controllers for network calls and long-running operations
  • Monitor usage and set automatic spend alerts and API usage caps for third-party services

Example use cases

  • Secure an image-processing endpoint: reject oversized images, restrict operations, and queue work
  • Protect an AI summarization API: enforce text length, per-user daily limits, and shorter model/timeouts
  • Harden file upload routes: validate MIME types and reject files over configured size limits
  • Prevent DB overload: add pagination, max limits, and indexed queries before returning results
  • Mitigate recursive rendering: limit recursion depth or convert to iterative traversal before rendering

FAQ

Base limits on expected user needs and resource capacity: e.g., 10MB file size, 5 operations, 30s processing timeout. Start conservative and adjust with metrics.

Will rate limiting hurt user experience?

Not if you apply reasonable per-user windows and provide clear error messages and retry guidance. Use queues to preserve UX for longer jobs.

How to prevent costly third-party API abuse?

Combine per-user quotas, API spend alerts, cheaper model fallbacks, max_tokens limits, and server-side tracking to stop runaway costs.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational