performing-api-rate-limiting-bypass

Fail

Audited by Socket on Mar 15, 2026

2 alerts found:

Obfuscated File, Security

Obfuscated File: HIGH
references/api-reference.md

This document is a practical, actionable guide that enumerates multiple, well-known techniques to bypass API rate limits and identifies header and URL manipulation vectors. It does not contain executable malware or obfuscated code, but it clearly enables abusive behavior (resource exhaustion, large-scale scraping, evasion of throttling) when used against third-party APIs. Treat as high-risk guidance: restrict distribution, apply access controls, and audit any code that automates these techniques. Recommended mitigations: enforce auth-based rate limits, canonicalize inputs (paths, query params, encoding), ignore or sanitize untrusted client IP headers, apply consistent enforcement across methods/versions, and log/alert on anomalous header rotations or encoding patterns.

Confidence: 98%
Security: MEDIUM
SKILL.md

SUSPICIOUS/HIGH-RISK skill. Its footprint is coherent with its stated purpose, but that purpose is to give an AI agent offensive rate-limit bypass and brute-force testing capability against APIs. No strong signs of malware or credential theft are present, yet the autonomous exploit-oriented behavior makes it unsafe.

Confidence: 94%
Severity: 91%
Audit Metadata

Analyzed At: Mar 15, 2026, 09:40 PM
Package URL: pkg:socket/skills-sh/mukul975%2FAnthropic-Cybersecurity-Skills%2Fperforming-api-rate-limiting-bypass%2F@c5643a97f38148840d120acb11ca5b804fde4399