← 返回 Skills 市场
39
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install axiom-jwt-inspector
功能描述
JWT inspector — decode JSON Web Tokens and inspect header, payload, claims, expiration. Use when you need to debug or audit JWTs. Pure stdlib, no LLM. **No s...
使用说明 (SKILL.md)
axiom-jwt-inspector
Version: 0.1.2 Axioma Tools
Decodes JWTs and exposes their structure for debugging and auditing.
What this skill does
- Decodes header (alg, typ, kid, etc.)
- Decodes payload (claims)
- Shows expiration status (exp/nbf/iat)
- Flags common vulnerabilities (alg=none, weak secret)
- Does NOT verify signatures — debug only
When to use this skill
- ✅ Debug a JWT you're receiving
- ✅ Audit token structure before trusting
- ✅ Inspect expiration/issued-at
- ❌ Authenticate users (use a JWT lib with sig verification)
- ❌ Replace pyjwt (this is inspection only)
Usage
python3 axiom_jwt_inspector.py "eyJhbGciOiJIUzI1NiIs..."
python3 axiom_jwt_inspector.py token.txt --json
from axiom_jwt_inspector import inspect_jwt
info = inspect_jwt('eyJhbGciOiJIUzI1NiIs...')
# {'header': {...}, 'payload': {...}, 'expired': False, 'warnings': []}
Validation
| Check | Status |
|---|---|
| Unit tests | 20+ cases |
| Performance | \x3C100ms |
| Security | Pure stdlib, no injection |
| Determinism | Byte-to-byte stable |
| License | Apache-2.0 |
Last updated: 2026-06-14
安全使用建议
Review carefully before installing. The tool does not show exfiltration or destructive behavior, but treat it as a JWT signing and HMAC-verification utility, not a read-only inspector. Do not pass real production JWT secrets on the command line, and do not rely on this as a full JWT validation library for authentication decisions.
能力评估
Purpose & Capability
The marketplace metadata and SKILL files present an inspect-only JWT decoder with no signature verification, but the implementation and README include HMAC verification and JWT creation. That is security-relevant scope drift for an authentication token tool.
Instruction Scope
High-impact JWT signing and verification behavior is available only through implementation/README details, while the main SKILL instructions explicitly tell users it is debug-only and does not verify signatures. Some examples also reference APIs or file behavior not present in the code.
Install Mechanism
No installer, package installation, network setup, background service, or automatic execution was found. The artifact is a small Python script plus documentation and tests.
Credentials
The runtime behavior is local and uses Python stdlib cryptography primitives only, with no network, subprocess, file writes, or credential-store access found. Handling JWT secrets is proportionate only if users understand the tool can sign and verify tokens.
Persistence & Privilege
No persistence, privilege escalation, or long-running worker behavior was found. The README examples pass HMAC secrets directly on the command line, which can expose secrets through shell history or process telemetry.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install axiom-jwt-inspector - 安装完成后,直接呼叫该 Skill 的名称或使用
/axiom-jwt-inspector触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.2
Initial publish: JWT decoder/inspector. Pure stdlib, no signature verification.
元数据
常见问题
Axiom Jwt Inspector 是什么?
JWT inspector — decode JSON Web Tokens and inspect header, payload, claims, expiration. Use when you need to debug or audit JWTs. Pure stdlib, no LLM. **No s... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 39 次。
如何安装 Axiom Jwt Inspector?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install axiom-jwt-inspector」即可一键安装,无需额外配置。
Axiom Jwt Inspector 是免费的吗?
是的,Axiom Jwt Inspector 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Axiom Jwt Inspector 支持哪些平台?
Axiom Jwt Inspector 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Axiom Jwt Inspector?
由 Kofna3369(@kofna3369)开发并维护,当前版本 v0.1.2。
推荐 Skills