diff --git a/verify.js b/verify.js
index cdbfdc4..3f27a17 100644
--- a/verify.js
+++ b/verify.js
@@ -28,7 +28,6 @@ module.exports = function (jwtString, secretOrPublicKey, options, callback) {
     options = {};
   }
-  //clone this object since we are going to mutate it.
   options = Object.assign({}, options);
   let done;
@@ -46,6 +45,12 @@ module.exports = function (jwtString, secretOrPublicKey, options, callback) {
     return done(new JsonWebTokenError('clockTimestamp must be a number'));
   }
+  if (options.clockTolerance !== undefined && options.clockTolerance > 300) {
+    return done(new JsonWebTokenError(
+      'clockTolerance must not exceed 300 seconds to prevent accidental expiry bypass'
+    ));
+  }
+
   if (options.nonce !== undefined && (typeof options.nonce !== 'string' || options.nonce.trim() === '')) {
     return done(new JsonWebTokenError('nonce must be a non-empty string'));
   }
@@ -260,4 +265,4 @@ module.exports = function (jwtString, secretOrPublicKey, options, callback) {
   return done(null, payload);
 });
-};
+};
\ No newline at end of file
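Review bot: The new clockTolerance guard in the second hunk only bounds the upper end, so a non-numeric value (`'abc'`, `NaN`, for which `> 300` is false) or a negative number still passes validation and, as far as this hunk shows, reaches the later exp/nbf arithmetic unchecked; the neighbouring clockTimestamp check already rejects non-numbers, and this option deserves the same treatment. A tighter condition would be `if (options.clockTolerance !== undefined && (typeof options.clockTolerance !== 'number' || !Number.isFinite(options.clockTolerance) || options.clockTolerance < 0 || options.clockTolerance > MAX_CLOCK_TOLERANCE_SECONDS)) {` with `const MAX_CLOCK_TOLERANCE_SECONDS = 300;` declared once at module scope and used in the error message via a template literal, so the limit and the text cannot drift apart. Since the cap rejects configurations that previously verified successfully, it is also worth stating the new limit in the JSDoc or README for the option, as the only documentation of it at present is the error string. The enclosing function begins and ends outside this hunk, so whether any other clockTolerance validation exists later in the body cannot be confirmed from here.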