jwt-token-validator
Jwt Token Validator - Auto-activating skill for Security Fundamentals. Triggers on: jwt token validator, jwt token validator Part of the Security Fundamentals skill category.
34
3%
Does it follow best practices?
Impact
90%
0.98xAverage score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./planned-skills/generated/03-security-fundamentals/jwt-token-validator/SKILL.mdQuality
Discovery
7%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is essentially a placeholder that restates the skill name without providing any meaningful detail about capabilities or usage triggers. It lacks concrete actions, natural trigger terms, and explicit guidance on when Claude should select this skill. The repeated trigger term and boilerplate category reference add no value.
Suggestions
Add specific concrete actions the skill performs, e.g., 'Decodes JWT tokens, validates signatures, checks expiration claims, and inspects token payloads.'
Add an explicit 'Use when...' clause with natural trigger terms, e.g., 'Use when the user asks to decode, validate, or inspect a JWT, JSON Web Token, bearer token, or needs to verify token signatures and claims.'
Remove the duplicated trigger term and expand with natural variations users would actually say, such as 'JWT', 'JSON Web Token', 'decode token', 'verify token', 'token expiration', 'token claims'.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description names the domain ('JWT Token Validator') but describes no concrete actions. There is no mention of what the skill actually does—no verbs like 'validate', 'decode', 'verify signatures', 'check expiration', etc. | 1 / 3 |
Completeness | The description fails to answer both 'what does this do' and 'when should Claude use it'. There is no explicit 'Use when...' clause and no meaningful explanation of capabilities beyond the skill name itself. | 1 / 3 |
Trigger Term Quality | The only trigger terms listed are 'jwt token validator' repeated twice. It misses natural variations users would say such as 'JWT', 'JSON Web Token', 'decode token', 'verify JWT', 'token validation', 'bearer token', etc. | 1 / 3 |
Distinctiveness Conflict Risk | The term 'JWT Token Validator' is fairly specific to a niche domain, which provides some distinctiveness. However, the lack of concrete action descriptions means it could overlap with other security-related skills without clear differentiation. | 2 / 3 |
Total | 5 / 12 Passed |
Implementation
0%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is an empty shell with no substantive content. It consists entirely of auto-generated boilerplate that describes what a JWT token validator skill would do without providing any actual guidance, code, or technical information. It fails on every dimension because there is literally no actionable content about JWT validation.
Suggestions
Add concrete, executable code examples for JWT validation (e.g., using PyJWT or jsonwebtoken) including token decoding, signature verification, and claims validation.
Include a clear workflow: 1) Extract token, 2) Verify signature with appropriate algorithm, 3) Validate claims (exp, iss, aud), 4) Handle errors—with specific code for each step.
Add security-critical guidance: algorithm confusion attacks (alg:none), key management, token expiration handling, and OWASP JWT best practices.
Remove all boilerplate meta-sections (Purpose, When to Use, Example Triggers, Capabilities) and replace with actual technical content that teaches JWT validation.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is entirely filler and boilerplate. It explains nothing Claude doesn't already know, repeats 'jwt token validator' excessively, and provides zero actual technical content about JWT validation. | 1 / 3 |
Actionability | There is no concrete code, no commands, no specific JWT validation logic, no library recommendations, and no executable guidance whatsoever. It only describes what the skill would do in abstract terms. | 1 / 3 |
Workflow Clarity | No workflow, steps, or process is defined. The skill claims to provide 'step-by-step guidance' but contains none. There are no validation checkpoints or any sequenced instructions. | 1 / 3 |
Progressive Disclosure | The content is a flat, uninformative page with no references to detailed materials, no links to examples, and no structured navigation to deeper content. The sections present are all meta-descriptions rather than actual content. | 1 / 3 |
Total | 4 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Commit
3076d78
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.