← Back to Skills Marketplace
kofna3369

Axiom Jwt Inspector

by Kofna3369 · GitHub ↗ · v0.1.2 · MIT-0
cross-platform ⚠ suspicious
39
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install axiom-jwt-inspector
Description
JWT inspector — decode JSON Web Tokens and inspect header, payload, claims, expiration. Use when you need to debug or audit JWTs. Pure stdlib, no LLM. **No s...
README (SKILL.md)

axiom-jwt-inspector

Version: 0.1.2 Axioma Tools

Decodes JWTs and exposes their structure for debugging and auditing.

What this skill does

  • Decodes header (alg, typ, kid, etc.)
  • Decodes payload (claims)
  • Shows expiration status (exp/nbf/iat)
  • Flags common vulnerabilities (alg=none, weak secret)
  • Does NOT verify signatures — debug only

When to use this skill

  • ✅ Debug a JWT you're receiving
  • ✅ Audit token structure before trusting
  • ✅ Inspect expiration/issued-at
  • ❌ Authenticate users (use a JWT lib with sig verification)
  • ❌ Replace pyjwt (this is inspection only)

Usage

python3 axiom_jwt_inspector.py "eyJhbGciOiJIUzI1NiIs..."
python3 axiom_jwt_inspector.py token.txt --json

from axiom_jwt_inspector import inspect_jwt
info = inspect_jwt('eyJhbGciOiJIUzI1NiIs...')
# {'header': {...}, 'payload': {...}, 'expired': False, 'warnings': []}

Validation

Check Status
Unit tests 20+ cases
Performance \x3C100ms
Security Pure stdlib, no injection
Determinism Byte-to-byte stable
License Apache-2.0

Last updated: 2026-06-14

Usage Guidance
Review carefully before installing. The tool does not show exfiltration or destructive behavior, but treat it as a JWT signing and HMAC-verification utility, not a read-only inspector. Do not pass real production JWT secrets on the command line, and do not rely on this as a full JWT validation library for authentication decisions.
Capability Assessment
Purpose & Capability
The marketplace metadata and SKILL files present an inspect-only JWT decoder with no signature verification, but the implementation and README include HMAC verification and JWT creation. That is security-relevant scope drift for an authentication token tool.
Instruction Scope
High-impact JWT signing and verification behavior is available only through implementation/README details, while the main SKILL instructions explicitly tell users it is debug-only and does not verify signatures. Some examples also reference APIs or file behavior not present in the code.
Install Mechanism
No installer, package installation, network setup, background service, or automatic execution was found. The artifact is a small Python script plus documentation and tests.
Credentials
The runtime behavior is local and uses Python stdlib cryptography primitives only, with no network, subprocess, file writes, or credential-store access found. Handling JWT secrets is proportionate only if users understand the tool can sign and verify tokens.
Persistence & Privilege
No persistence, privilege escalation, or long-running worker behavior was found. The README examples pass HMAC secrets directly on the command line, which can expose secrets through shell history or process telemetry.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install axiom-jwt-inspector
  3. After installation, invoke the skill by name or use /axiom-jwt-inspector
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.2
Initial publish: JWT decoder/inspector. Pure stdlib, no signature verification.
Metadata
Slug axiom-jwt-inspector
Version 0.1.2
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Axiom Jwt Inspector?

JWT inspector — decode JSON Web Tokens and inspect header, payload, claims, expiration. Use when you need to debug or audit JWTs. Pure stdlib, no LLM. **No s... It is an AI Agent Skill for Claude Code / OpenClaw, with 39 downloads so far.

How do I install Axiom Jwt Inspector?

Run "/install axiom-jwt-inspector" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Axiom Jwt Inspector free?

Yes, Axiom Jwt Inspector is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Axiom Jwt Inspector support?

Axiom Jwt Inspector is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Axiom Jwt Inspector?

It is built and maintained by Kofna3369 (@kofna3369); the current version is v0.1.2.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments