Jwt Decoder
Provides JWT guidance and assistance for implementing security and authentication.
Install on your platform
We auto-selected Claude Code based on this skillβs supported platforms.
Run in terminal (recommended)
claude mcp add jwt-decoder npx -- -y @trustedskills/jwt-decoder
Or manually add to ~/.claude/settings.json
{
"mcpServers": {
"jwt-decoder": {
"command": "npx",
"args": [
"-y",
"@trustedskills/jwt-decoder"
]
}
}
}Requires Claude Code (claude CLI). Run claude --version to verify your install.
About This Skill
What it does
The jwt-decoder skill allows an AI agent to decode JSON Web Tokens (JWTs). It extracts claims from a JWT, such as the subject, issuer, and expiration time. This is useful for verifying user authentication and authorization in systems that use JWTs.
When to use it
- Authentication Verification: Determine if a provided JWT is valid and contains expected user information.
- Authorization Checks: Extract roles or permissions from a JWT to control access to resources.
- Token Inspection: Analyze the contents of a JWT for debugging or security auditing purposes.
- Integration with APIs: Decode JWTs received from external APIs to process authenticated requests.
Key capabilities
- Decodes JWT tokens.
- Extracts claims from decoded JWTs.
- Supports standard JWT claim types.
Example prompts
- "Decode this JWT:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjMiLCJleHAiOjE2OTA3NzYwMDB9.q-Wj_7mU0xVnQvK8zH4rTfJgN1tP6QG5uC3yXhRkL0" - "What is the subject of this JWT:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjMiLCJleHAiOjE2OTA3NzYwMDB9.q-Wj_7mU0xVnQvK8zH4rTfJgN1tP6QG5uC3yXhRkL0" - βIs this JWT expired:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjMiLCJleHAiOjE2ODA3NzYwMDB9.q-Wj_7mU0xVnQvK8zH4rTfJgN1tP6QG5uC3yXhRkL0"
Tips & gotchas
- Ensure the AI agent has access to the JWT string for decoding.
- The skill's effectiveness depends on the validity of the JWT itself (signature verification, etc.). It does not perform signature validation.
Tags
TrustedSkills Verification
Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates β what you install today is exactly what was reviewed and verified.
Security Audits
| Gen Agent Trust Hub | Pass |
| Socket | Pass |
| Snyk | Pass |
π Community
Passed automated security scans.