ratelint

by suhteevah · GitHub ↗ · v1.0.0 · MIT-0
darwin · linux · win32 · ✓ Security Clean
79 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install ratelint
Description
Rate limiting & API throttling anti-pattern analyzer -- detects missing rate limits, brute force exposure, no backoff strategies, unbounded queues, retry sto...
Usage Guidance
This skill appears to do what it claims: local regex-based scanning for rate-limit and throttling anti-patterns. Before installing, note that:
- It will attempt to install or use lefthook (brew lefthook) to add pre-commit / pre-push hooks; these hooks will run scans automatically and modify lefthook.yml in your repo.
- Paid features require RATELINT_LICENSE_KEY; if not set, the skill will look in ~/.openclaw/openclaw.json for a stored key. If you keep other secrets in that file, be aware the skill reads it to extract ratelint.apiKey.
- The scanner is entirely local and uses grep/regex patterns; expect false positives and potential performance impact on large repositories, especially when pre-push triggers a full scan.
Recommendations: review the lefthook.yml changes before committing them, place your license key in the environment or in an appropriate config store you control, and run the scan manually on a small repo first to verify behavior. If you need stricter isolation, run the skill inside a disposable environment or CI job rather than enabling automatic hooks globally.
Capability Analysis
Type: OpenClaw Skill
Name: ratelint
Version: 1.0.0
RateLint is a static analysis tool for detecting rate-limiting and API throttling anti-patterns. The skill operates entirely locally using standard bash utilities like `grep` and `find` to scan codebases against a set of 90 regex patterns defined in `patterns.sh`. It includes legitimate features for CI/CD integration, report generation (HTML/JSON/Markdown), and Git hook management via `lefthook`. The license validation logic in `license.sh` is performed offline using JWT decoding and does not involve any telemetry or external network calls. The tool's behavior, including its access to the standard `~/.openclaw/openclaw.json` configuration file, is consistent with its stated purpose and lacks any indicators of malicious intent or data exfiltration.
Capability Assessment
Purpose & Capability
Name/description (rate‑limit anti‑pattern analyzer) match the included scripts, patterns, and the use of lefthook for git hook integration. Required binaries (git, bash) and the brew dependency (lefthook) are reasonable for the stated functionality.
Instruction Scope
Runtime instructions and scripts perform local file discovery and regex scanning, produce reports, and integrate with git hooks. They do read the user's OpenClaw config (~/.openclaw/openclaw.json) as a license key fallback; that is consistent with the license flow but is an extra config read the user should expect. The pre-commit and pre-push hooks will run scans automatically (pre-push runs a full scan of the working tree), which can be intrusive or slow in large repos.
Install Mechanism
Install specification is a single well-known brew formula (lefthook) to manage git hooks. No downloads from unknown hosts or archive extraction are present. Note: brew usage may be platform-limited (Windows users may need Git Bash / alternate installation).
Credentials
The only declared primary credential is RATELINT_LICENSE_KEY, which the license module legitimately uses to unlock paid tiers. The license module also looks in ~/.openclaw/openclaw.json for a stored key (using python/node/jq fallbacks). Reading that config file is proportionate to retrieving a locally stored license key, but users should be aware the skill will try to read that file (it extracts only ratelint.apiKey).
Persistence & Privilege
The skill does not request 'always: true'. It offers to install lefthook hooks which will modify a repository's lefthook.yml and run lefthook install; this changes repository behavior by adding pre-commit/pre-push scans. This is expected for a linter but is persistent and can affect normal git workflows.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install ratelint
  3. After installation, invoke the skill by name or use /ratelint
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of RateLint: Rate limiting & API throttling anti-pattern analyzer.
- Scans codebases for rate limiting, brute force, throttling, backoff, queue overflow, and DDoS anti-patterns using pattern matching.
- Supports free, Pro, and Team tiers with 30, 60, or 90 patterns across 6 categories.
- Provides CLI with multiple scan modes (`scan`, output in markdown/JSON/HTML, category filtering, verbose, status).
- Integrates with git via lefthook; runs 100% locally with zero telemetry.
- Offers scoring, grading, and actionable remediation on findings; outputs detailed markdown reports.
- Configurable via JSON for severity threshold, ignored patterns/checks, and report format.
Metadata
Slug ratelint
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is ratelint?

Rate limiting & API throttling anti-pattern analyzer -- detects missing rate limits, brute force exposure, no backoff strategies, unbounded queues, retry sto... It is an AI Agent Skill for Claude Code / OpenClaw, with 79 downloads so far.

How do I install ratelint?

Run "/install ratelint" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is ratelint free?

Yes, ratelint is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does ratelint support?

ratelint is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux, win32).

Who created ratelint?

It is built and maintained by suhteevah (@suhteevah); the current version is v1.0.0.
