← Back to Skills Marketplace
298
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install jwt-toolkit
Description
Decode, inspect, and validate JWT (JSON Web Token) tokens from the command line. Shows header, payload, algorithm, expiry status, and known claim labels. Use...
README (SKILL.md)
JWT Toolkit
Zero-dependency JWT decoder and inspector. Decodes any JWT token and shows header, payload claims, algorithm info, expiry status, and signature details.
Quick Start
# Decode a JWT token
python3 scripts/jwt_decode.py eyJhbGciOiJIUzI1NiIs...
# Read token from file
python3 scripts/jwt_decode.py --file token.txt
# Read from stdin (pipe from curl, etc.)
echo "eyJ..." | python3 scripts/jwt_decode.py --stdin
# JSON output for scripting
python3 scripts/jwt_decode.py eyJ... --format json
# Also handles "Bearer " prefix automatically
python3 scripts/jwt_decode.py "Bearer eyJhbGciOiJIUzI1NiIs..."
Features
- Decodes header and payload with human-readable claim labels
- Shows algorithm details and security warnings (e.g.,
nonealgorithm) - Checks token expiry with remaining time or time-since-expired
- Recognizes 20+ standard and common claims (iss, sub, aud, roles, scope, etc.)
- Strips "Bearer " prefix automatically
- JSON and text output formats
- No external dependencies — pure Python stdlib
Usage Guidance
This tool decodes and inspects JWTs locally and does not send data over the network or request credentials. Points to consider before installing: (1) The script does not verify signatures (it reports algorithm and presence/absence of a signature but does not validate using keys/secrets), so it cannot confirm token authenticity—use a verification tool with the appropriate key if you need real signature validation. (2) JWTs often contain sensitive info—avoid pasting production tokens into third-party/shared environments. (3) Because the skill can be invoked by an agent, be mindful where you run it (don’t let an automated agent decode tokens you wouldn’t want exposed).
Capability Analysis
Type: OpenClaw Skill
Name: jwt-toolkit
Version: 1.0.0
The jwt-toolkit is a legitimate utility for decoding and inspecting JSON Web Tokens (JWT). The Python script (scripts/jwt_decode.py) uses only standard libraries, performs no network operations, and contains no evidence of data exfiltration or malicious execution. It correctly identifies security risks like the 'none' algorithm and provides human-readable summaries of token claims and expiry status.
Capability Assessment
Purpose & Capability
Name/description match the included script: a small Python utility that decodes JWT header/payload, reports algorithm and expiry, and prints claim labels. There are no unrelated environment variables, binaries, or installs requested.
Instruction Scope
SKILL.md instructs only local use of scripts/jwt_decode.py (token via arg, file, or stdin). The runtime instructions do not request other files, environment variables, or sending data to external endpoints.
Install Mechanism
No install spec is present; the shipped script is pure Python stdlib and requires no external packages. No downloads or archive extraction are performed.
Credentials
The skill requires no environment variables, credentials, or config paths. The code does not read environment variables or attempt to access unrelated credentials.
Persistence & Privilege
The skill does not request permanent/always-on presence (always: false) and does not modify other skills or system settings. It runs only when invoked.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install jwt-toolkit - After installation, invoke the skill by name or use
/jwt-toolkit - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of jwt-toolkit — a zero-dependency tool to decode and inspect JWT tokens from the command line.
- Decode JWT tokens and display header, payload, algorithm, and signature details
- Inspect known claims with human-readable labels
- Automatically checks expiry status and remaining validity time
- Handles "Bearer" prefixes and standard input, file, or direct string input
- Supports both JSON and human-readable text output formats
- Built in pure Python with no external dependencies
Metadata
Frequently Asked Questions
What is Jwt Toolkit?
Decode, inspect, and validate JWT (JSON Web Token) tokens from the command line. Shows header, payload, algorithm, expiry status, and known claim labels. Use... It is an AI Agent Skill for Claude Code / OpenClaw, with 298 downloads so far.
How do I install Jwt Toolkit?
Run "/install jwt-toolkit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Jwt Toolkit free?
Yes, Jwt Toolkit is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Jwt Toolkit support?
Jwt Toolkit is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Jwt Toolkit?
It is built and maintained by John Wang (@johnnywang2001); the current version is v1.0.0.
More Skills