rate-limit-validator_skill

This skill tests whether an HTTP endpoint enforces rate limiting by sending bursts and checking for 429s, headers, and response patterns.
  • Python

2.5k

GitHub Stars

2

Bundled Files

2 months ago

Catalog Refreshed

3 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill openclaw/skills --skill rate-limit-validator

  • _meta.json295 B
  • SKILL.md2.5 KB

Overview

This skill tests whether an HTTP endpoint enforces rate limiting by sending a burst of requests and inspecting responses and headers. It helps you verify gateway or API throttling before production, spotting missing or misconfigured limits quickly. The tool reports HTTP 429 occurrences, Retry-After, and common X-RateLimit headers.

How this skill works

The skill issues a rapid sequence of GET requests to the target endpoint and records response codes to detect throttled requests (HTTP 429). It fetches response headers to check for Retry-After, X-RateLimit-Limit, and X-RateLimit-Remaining, and can measure response-time trends under sustained load. Results summarize allowed vs throttled counts and flag missing headers or timing degradation.

When to use it

  • Before promoting an API or gateway to production to confirm throttling behavior
  • After deploying rate-limit middleware to validate configuration
  • When auditing a third-party service dependency for request limits
  • During threat-model or resilience testing to verify mitigations
  • When troubleshooting inconsistent client-side throttling behavior

Best practices

  • Run tests from an environment representative of real traffic patterns to avoid false negatives
  • Start with conservative request bursts and scale up to avoid harming the service
  • Ensure you have authorization to test the target to avoid unintended disruption or policy violations
  • Record full response headers and timing so you can correlate throttling triggers with deployment changes
  • Complement GET-only checks with additional tests if rate limits vary by method, path, or authentication

Example use cases

  • Validate that a newly configured API gateway returns 429 and Retry-After when limits are exceeded
  • Confirm X-RateLimit headers are present and accurately report remaining quota for client libraries
  • Audit a vendor API to understand how it degrades under burst traffic before integrating
  • Run a quick smoke test in CI after middleware changes to catch regressions in throttling behavior
  • Baseline response-time degradation while performing sustained requests to tune limits

FAQ

No. It only issues GET requests without payloads to avoid changing server state.

Can I use this against third-party services?

Only test services you are authorized to test. The skill is intended for validating your own deployments and permitted audits.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
rate-limit-validator skill by openclaw/skills | VeilStrat