JWT toolkit
Decode and verify a JWT in one pass — see the payload and check the signature.
When to use this pack
An agent debugging authentication needs to both decode a JWT (see claims, expiry, issuer) and verify the signature. Two operations that always go together, bundled into one payment.
Tools in this pack
-
JWT decode
$0.001
POST /api/jwt-decode
Decode a JWT without verification: header, payload, expiry status, and time remaining. (Decoding only — signatures are NOT verified.)
-
JWT verify (HMAC)
$0.002
POST /api/jwt-verify
Verify an HS256/384/512 JWT signature against a secret and check expiry. Returns valid + decoded payload. (HMAC algorithms only.)
Workflow
- Call jwt-decode to extract the header (algorithm, type) and payload (claims, expiry) without verification.
- Call jwt-verify with the token and secret='test' to check whether the signature is valid.
Run it in Claude
claude mcp add agent402 -s user -- npx -y agent402-mcp@latest
Then paste this prompt into Claude:
Analyze this JWT using Agent402's jwt-toolkit skill pack: eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0In0.xxx. (1) Decode it to see the claims, (2) verify the signature with secret='test'. Report the payload and verification result.
← All skill packs