- Home
- Skills
- Harperaa
- Secure Claude Skills
- Resource Exhaustion
resource-exhaustion_skill
- JavaScript
4
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill harperaa/secure-claude-skills --skill resource-exhaustion- SKILL.md21.8 KB
Overview
This skill teaches how to find, understand, and mitigate resource exhaustion and denial-of-service (DoS) vulnerabilities in AI-generated JavaScript code. It focuses on common failure modes like unbounded loops, missing rate limits, unchecked uploads, and expensive API usage. You’ll get practical controls, patterns, and code-level defenses to prevent crashes and runaway costs.
How this skill works
The skill inspects typical AI-generated patterns and highlights where functionality-first code can exhaust CPU, memory, network, or API budget. It explains concrete mitigations: input validation, size/time limits, rate limiting, job queues, whitelists, and fail-safe timeouts. Code snippets and configuration examples show how to apply limits and replace dangerous patterns with controlled implementations.
When to use it
- When reviewing AI-generated endpoints that process files, images, or large payloads
- When designing features that call costly third-party AI APIs
- When hardening upload, batch-processing, or recursive code paths against abuse
- When implementing rate limiting, queuing, or concurrency controls
- When assessing production cost risk from unbounded user input
Best practices
- Validate and whitelist inputs: URLs, file types, operation names, and sizes before processing
- Set strict resource limits: max file size, max dimensions, max operations, timeouts, and concurrency caps
- Use rate limiting and per-user quotas to prevent mass abuse and API cost spikes
- Queue expensive jobs and limit concurrent workers; return job IDs instead of processing synchronously
- Apply defensive timeouts and abort controllers for network calls and long-running operations
- Monitor usage and set automatic spend alerts and API usage caps for third-party services
Example use cases
- Secure an image-processing endpoint: reject oversized images, restrict operations, and queue work
- Protect an AI summarization API: enforce text length, per-user daily limits, and shorter model/timeouts
- Harden file upload routes: validate MIME types and reject files over configured size limits
- Prevent DB overload: add pagination, max limits, and indexed queries before returning results
- Mitigate recursive rendering: limit recursion depth or convert to iterative traversal before rendering
FAQ
Base limits on expected user needs and resource capacity: e.g., 10MB file size, 5 operations, 30s processing timeout. Start conservative and adjust with metrics.
Will rate limiting hurt user experience?
Not if you apply reasonable per-user windows and provide clear error messages and retry guidance. Use queues to preserve UX for longer jobs.
How to prevent costly third-party API abuse?
Combine per-user quotas, API spend alerts, cheaper model fallbacks, max_tokens limits, and server-side tracking to stop runaway costs.