Skill v1.0.0
ClawScan security
Jwt Debugger · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 29, 2026, 11:45 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's purpose (decode/diagnose JWTs) matches the instructions, but the runtime docs reference undeclared environment variables and contain brittle/incorrect code patterns that could mislead users or mishandle secrets.
- Guidance: This skill is coherent with its stated purpose (JWT debugging) but has important practical issues you should consider before using it:
  1. SKILL.md expects you to provide $TOKEN, $SECRET, $PUBLIC_KEY, and $EXPECTED_AUD at runtime, but the registry metadata doesn't declare these. Don't paste secrets into public chat or untrusted consoles; use environment variables or a secure file with appropriate file permissions.
  2. The inline Python contains fragile base64 padding and signature-decoding logic that can produce false negatives/positives; prefer well-maintained libraries (PyJWT / jose) and test on non-production tokens first.
  3. The docs mention `pip install PyJWT[crypto]`, but the skill won't install dependencies for you; ensure the proper packages are available in your environment.
  4. If you plan to run these snippets, review and fix the padding logic (use `(-len(s)) % 4` or equivalent) and the signature handling, or use the library API for verification.
  If these issues bother you or you need safer handling of secrets/dependencies, request a revised skill that (a) declares required inputs, (b) uses robust library calls instead of ad-hoc base64 handling, and (c) documents secure usage patterns.
Review Dimensions
- Purpose & Capability [note]: Name/description and instructions align: this is an instruction-only JWT debugging helper that performs local decoding, validation, diagnosis, comparison, and generation. It does not request unrelated services, binaries, or credentials in the registry metadata. However, SKILL.md expects runtime variables (TOKEN, SECRET, PUBLIC_KEY, EXPECTED_AUD) even though `requires.env` lists none, a discrepancy between declared requirements and actual usage.
- Instruction Scope [concern]: SKILL.md provides multiple inline Python snippets that will be executed locally. The scripts reference several shell variables ($TOKEN, $SECRET, $PUBLIC_KEY, $EXPECTED_AUD) and assume the user will supply them, but the skill metadata does not declare them. The code has brittle/incorrect handling of base64 padding and signature decoding (the padding logic always appends '=' characters; using fixed '==' padding may fail), and the inline examples suggest installing PyJWT but don't provide an install step. These issues could cause incorrect validation results or runtime errors, and may lead users to expose secrets incorrectly if they try different ad-hoc ways to supply inputs.
- Install Mechanism [note]: No install spec or code files (instruction-only), which is low risk. The docs reference the third-party Python package 'PyJWT[crypto]' (in a 'pip install' comment), but the skill won't install it automatically. Users must ensure required Python packages are present; SKILL.md does not provide a reproducible install mechanism.
- Credentials [concern]: The instructions require sensitive values at runtime (TOKEN, SECRET, PUBLIC_KEY, EXPECTED_AUD), but the skill metadata declares no required environment variables. That mismatch is confusing and could lead users to paste secrets into terminals or into chat. Requiring a secret for HS256 verification is reasonable, but the skill should declare these inputs explicitly and advise secure handling. No unrelated credentials are requested.
- Persistence & Privilege [ok]: The skill is not always-enabled and is user-invocable. It does not request persistent system privileges, modify other skill configs, or ask to be force-included. No persistence concerns detected.
