
jwt-token-validator

Jwt Token Validator - Auto-activating skill for Security Fundamentals. Triggers on: jwt token validator, jwt token validator. Part of the Security Fundamentals skill category.

34

0.98x
Quality: 3% (Does it follow best practices?)

Impact: 90%, 0.98x (Average score across 3 eval scenarios)

Security by Snyk: Passed, no known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./planned-skills/generated/03-security-fundamentals/jwt-token-validator/SKILL.md

Evaluation results

100%

2%

Protect an Express API with Token-Based Authentication

JWT authentication middleware

| Criteria | Without context | With context |
| --- | --- | --- |
| Uses npm JWT library | 100% | 100% |
| Algorithm explicitly specified | 100% | 100% |
| Rejects 'none' algorithm | 100% | 100% |
| Expiry validation | 100% | 100% |
| Signature verification | 100% | 100% |
| Token format input validation | 100% | 100% |
| Error responses without leaking info | 75% | 100% |
| Secret via environment variable | 100% | 100% |
| Production package.json | 100% | 100% |
| Missing token handled | 100% | 100% |

84%

-16%

Security Review: Audit and Harden a JWT Validation Module

JWT vulnerability detection

| Criteria | Without context | With context |
| --- | --- | --- |
| Hardcoded secret flagged | 100% | 100% |
| Algorithm confusion flagged | 100% | 100% |
| Algorithm fixed in replacement | 100% | 100% |
| Secret via env var in replacement | 100% | 100% |
| Error message leakage flagged | 100% | 0% |
| Generic errors in replacement | 100% | 0% |
| Input validation added | 100% | 100% |
| Standards referenced | 100% | 100% |
| Expiry checking preserved | 100% | 100% |
| Same exported API | 100% | 100% |
| Uses npm JWT library | 100% | 100% |

88%

13%

Build a Token Claims Extractor for a Multi-Tenant API

JWT input validation and claims

| Criteria | Without context | With context |
| --- | --- | --- |
| Uses npm JWT library | 100% | 100% |
| Algorithm restricted | 0% | 100% |
| Audience validation | 100% | 100% |
| Issuer validation | 100% | 100% |
| Expiry enforced | 100% | 100% |
| Null/undefined input handled | 100% | 100% |
| Malformed string handled | 100% | 100% |
| Generic error messages | 37% | 50% |
| Test covers bad inputs | 100% | 100% |
| Secret via environment variable | 0% | 0% |
| Production-ready package.json | 100% | 100% |

Repository: jeremylongshore/claude-code-plugins-plus-skills

Evaluated
Agent: Claude Code
Model: Claude Sonnet 4.6
