
jwt-token-validator

Jwt Token Validator - Auto-activating skill for Security Fundamentals. Triggers on: jwt token validator, jwt token validator. Part of the Security Fundamentals skill category.

Install with Tessl CLI

npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill jwt-token-validator

Overall score: 19%


Activation

7%

This description is severely underdeveloped, essentially just restating the skill name without explaining what it actually does or when to use it. It lacks any concrete actions, meaningful trigger terms, or usage guidance. The duplicate trigger term suggests this may be auto-generated boilerplate that was never properly filled in.

Suggestions

Add specific actions the skill performs, e.g., 'Validates JWT token signatures, decodes payloads, checks expiration claims, and verifies issuer/audience claims.'

Include a 'Use when...' clause with natural trigger terms like 'verify JWT', 'decode token', 'check token expiration', 'validate bearer token', 'parse JWT'.

Remove the duplicate trigger term and replace with varied, user-natural phrases that would indicate JWT validation needs.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | The description only names the skill ('Jwt Token Validator') without describing any concrete actions. There are no specific capabilities listed like 'validate signatures', 'decode payloads', or 'check expiration'. | 1 / 3 |
| Completeness | The description fails to answer 'what does this do' beyond the name, and provides no 'when should Claude use it' guidance. The 'Triggers on' line is redundant and not a proper use-case explanation. | 1 / 3 |
| Trigger Term Quality | The trigger terms are just the skill name repeated twice ('jwt token validator, jwt token validator'). Missing natural variations users would say like 'verify JWT', 'decode token', 'check JWT signature', 'parse bearer token'. | 1 / 3 |
| Distinctiveness Conflict Risk | While 'JWT' is a specific technology domain that provides some distinctiveness, the lack of specific actions means it could overlap with general security or authentication skills. The 'Security Fundamentals' category mention is too broad. | 2 / 3 |

Total: 5 / 12 Passed

Implementation

0%

This skill content is essentially a placeholder template with no actual JWT validation guidance. It describes what a skill should do rather than providing any actionable instructions, code examples, or security-specific guidance for validating JWT tokens. The content would be completely unhelpful for actually implementing JWT validation.

Suggestions

Add executable code examples showing JWT validation in at least one language (e.g., Python with PyJWT or Node.js with jsonwebtoken), including signature verification and claims validation

Include a clear workflow: 1) Extract token, 2) Decode header, 3) Verify signature with appropriate algorithm, 4) Validate standard claims (exp, iat, iss, aud), 5) Handle validation failures

Add security-critical guidance: algorithm confusion attacks (always specify allowed algorithms), key management, clock skew handling, and common JWT vulnerabilities to check for

Remove all generic boilerplate text ('provides automated assistance', 'follows industry best practices') and replace with specific, actionable JWT validation content

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The content is padded with generic boilerplate that explains nothing Claude doesn't already know. Phrases like 'provides automated assistance' and 'follows industry best practices' are meaningless filler with no actual JWT validation content. | 1 / 3 |
| Actionability | There is zero concrete guidance on how to actually validate JWT tokens. No code examples, no specific commands, no validation steps, no library recommendations - just vague descriptions of what the skill supposedly does. | 1 / 3 |
| Workflow Clarity | No workflow is provided whatsoever. JWT validation involves multiple steps (decode header, verify signature, check claims, validate expiration) but none of these are mentioned or sequenced. | 1 / 3 |
| Progressive Disclosure | The content is a monolithic block of marketing-style text with no structure for actual learning. No references to detailed documentation, no links to examples, and no organization beyond generic section headers. | 1 / 3 |

Total: 4 / 12 Passed

Validation

69%

Validation: 11 / 16 Passed

Validation for skill structure

| Criteria | Description | Result |
| --- | --- | --- |
| description_trigger_hint | Description may be missing an explicit 'when to use' trigger hint (e.g., 'Use when...') | Warning |
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| metadata_version | 'metadata' field is not a dictionary | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| body_steps | No step-by-step structure detected (no ordered list); consider adding a simple workflow | Warning |

Total: 11 / 16 Passed
