Axiom Jwt Inspector

Security checks across malware telemetry and agentic risk

Overview

This JWT tool appears local and non-destructive, but its primary skill description says it does not verify signatures while the code can verify HMAC signatures and create signed JWTs.

Review carefully before installing. The tool does not show exfiltration or destructive behavior, but treat it as a JWT signing and HMAC-verification utility, not a read-only inspector. Do not pass real production JWT secrets on the command line, and do not rely on this as a full JWT validation library for authentication decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The skill metadata and documentation explicitly claim the tool only decodes and inspects JWTs and does not verify signatures, while the analyzed behavior indicates it can also verify HMAC signatures and generate/sign JWTs. This hidden capability is dangerous because operators may select or trust the skill under a low-risk 'inspection-only' model, while downstream automation could end up performing authentication-relevant actions or minting tokens with user-supplied secrets, creating opportunities for misuse, policy bypass, or unsafe security decisions.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The README materially contradicts the declared skill scope by advertising HMAC signature verification and JWT creation, while the metadata says the skill is inspect-only and explicitly states no signature verification. This kind of documentation mismatch can cause users or downstream agents to rely on unsupported security behavior, leading to false trust in token validation or unexpected secret-handling workflows.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The documentation describes broader behavior than the declared manifest, including HMAC verification and token creation. In a security-sensitive JWT context, scope drift is dangerous because users may assume the tool safely validates authenticity or is approved to handle signing secrets when the published skill contract says otherwise.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill implements HMAC signature verification and JWT creation even though its declared purpose is inspection-only and the metadata explicitly says 'No signature verification'. This capability mismatch is dangerous because downstream agents or users may trust the documented limitations and make unsafe decisions based on incomplete or misleading security expectations.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The module banner states signature verification is unavailable or unsupported in general, but the code later performs HMAC verification for HS256/384/512. This inconsistency can cause users, auditors, or orchestrating agents to misunderstand what trust guarantees the tool provides, leading to incorrect handling of JWTs in security-sensitive workflows.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The skill manifest explicitly says there is no signature verification, but the implementation includes both HMAC verification and JWT creation. This security-relevant capability mismatch can cause users or downstream agents to make unsafe assumptions about what the skill can do, and it expands the tool from passive inspection into active cryptographic processing and token generation.

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The module docstring states that HMAC signature verification is supported, directly contradicting the skill metadata claiming no signature verification. Conflicting security documentation can mislead operators into trusting or distrusting verification results incorrectly, especially around JWT handling where algorithm support and validation scope matter.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
JWT creation is an undeclared capability that exceeds the stated purpose of debugging and inspecting existing tokens. Even if not inherently malicious, hidden token-generation functionality can be abused in environments that assume the skill is read-only, and it increases the attack surface and risk of misuse.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The manifest claims 'No signature verification,' while the codebase tests a `verify_hmac` capability. This contradiction can cause consumers to make incorrect trust decisions about what the skill does, leading to misuse in security-sensitive workflows or omission of proper external verification controls.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The examples encourage passing shared secrets directly on the command line, which commonly exposes them via shell history, process listings, logs, and terminal recordings. Because JWT HMAC secrets are credential material, accidental disclosure can let an attacker forge valid tokens for systems using that secret.

VirusTotal

64/64 vendors flagged this skill as clean.
