Jwt Toolkit

v1.0.0

Decode, inspect, and validate JWT (JSON Web Token) tokens from the command line. Shows header, payload, algorithm, expiry status, and known claim labels. Use...

by John Wang @johnnywang2001
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the included script: a small Python utility that decodes JWT header/payload, reports algorithm and expiry, and prints claim labels. There are no unrelated environment variables, binaries, or installs requested.
Instruction Scope
SKILL.md instructs only local use of scripts/jwt_decode.py (token via arg, file, or stdin). The runtime instructions do not request other files, environment variables, or sending data to external endpoints.
Install Mechanism
No install spec is present; the shipped script is pure Python stdlib and requires no external packages. No downloads or archive extraction are performed.
Credentials
The skill requires no environment variables, credentials, or config paths. The code does not read environment variables or attempt to access unrelated credentials.
Persistence & Privilege
The skill does not request permanent/always-on presence (always: false) and does not modify other skills or system settings. It runs only when invoked.
Assessment
This tool decodes and inspects JWTs locally and does not send data over the network or request credentials. Points to consider before installing: (1) The script does not verify signatures (it reports algorithm and presence/absence of a signature but does not validate using keys/secrets), so it cannot confirm token authenticity—use a verification tool with the appropriate key if you need real signature validation. (2) JWTs often contain sensitive info—avoid pasting production tokens into third-party/shared environments. (3) Because the skill can be invoked by an agent, be mindful where you run it (don’t let an automated agent decode tokens you wouldn’t want exposed).

MIT-0

JWT Toolkit

Zero-dependency JWT decoder and inspector. Decodes any JWT token and shows header, payload claims, algorithm info, expiry status, and signature details.

Quick Start

# Decode a JWT token
python3 scripts/jwt_decode.py eyJhbGciOiJIUzI1NiIs...

# Read token from file
python3 scripts/jwt_decode.py --file token.txt

# Read from stdin (pipe from curl, etc.)
echo "eyJ..." | python3 scripts/jwt_decode.py --stdin

# JSON output for scripting
python3 scripts/jwt_decode.py eyJ... --format json

# Also handles "Bearer " prefix automatically
python3 scripts/jwt_decode.py "Bearer eyJhbGciOiJIUzI1NiIs..."

Features

  • Decodes header and payload with human-readable claim labels
  • Shows algorithm details and security warnings (e.g., none algorithm)
  • Checks token expiry with remaining time or time-since-expired
  • Recognizes 20+ standard and common claims (iss, sub, aud, roles, scope, etc.)
  • Strips "Bearer " prefix automatically
  • JSON and text output formats
  • No external dependencies — pure Python stdlib
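
The Assessment above notes that decoding is not verification. The following is an added example, not the skill's scripts/jwt_decode.py: it sketches the decode-and-inspect behaviour the feature list describes and goes one step further with an HS256 signature check. All function names and the sample secret are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

def b64url_decode(seg):
    # JWT segments are base64url with padding stripped; restore it first.
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def inspect(token, now=None):
    """Decode only. Nothing returned here has been authenticated."""
    token = token.strip()
    if token.lower().startswith("bearer "):
        token = token[7:].strip()
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    warnings = []
    if str(header.get("alg", "")).lower() == "none":
        warnings.append("alg=none: token is unsigned")
    if not parts[2]:
        warnings.append("empty signature segment")
    exp = payload.get("exp")
    now = time.time() if now is None else now
    return {"header": header, "payload": payload, "warnings": warnings,
            "expires_in": None if exp is None else exp - now}

def verify_hs256(token, secret):
    """The step a decoder skips: recompute the MAC with the shared secret."""
    try:
        head, body, sig = token.split(".")
        alg = json.loads(b64url_decode(head)).get("alg")
        supplied = b64url_decode(sig)
    except (ValueError, AttributeError):
        return False
    expected = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    # Pin the algorithm; never let the token header choose it.
    return alg == "HS256" and hmac.compare_digest(expected, supplied)

def sign_hs256(payload, secret):
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(payload).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

if __name__ == "__main__":
    tok = sign_hs256({"sub": "alice", "exp": 2000}, b"constructed-secret")  # constructed sample
    print(inspect("Bearer " + tok, now=1000), verify_hs256(tok, b"constructed-secret"))
```

A token whose payload was edited after signing still decodes cleanly in `inspect`; only `verify_hs256` rejects it, which is why decoded claims should not drive authorization decisions.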
