Paste a JWT and get a security verdict an agent can't reason about from raw base64: alg:none, HS/RS key-confusion, expiry, missing claims, secrets leaked in the payload. Decodes structure only; never logs the token, never verifies the signature.
Free: GET /run?target=...
Deep (paid): GET /pro/run?target=... — pay with a card via /pro/checkout or per-call USDC (x402) on Base.