NoahAI clinical-trial query
Pass
Audited by ClawScan on May 1, 2026.
Overview
The skill appears to do its stated clinical-trial search job, but it uses a Noah API token, sends search terms to noah.bio, and may require manually installing the Python requests package.
This looks like a straightforward API-backed clinical-trial search skill. Before installing, make sure you trust the Noah API service and the skill owner, use a revocable API token, and avoid putting unnecessary personal medical information into searches. If the script reports that requests is missing, install it only from a trusted Python package source.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing and using the skill requires trusting the Noah API service with a valid API token.
The skill requires a Noah API token and sends it as a bearer token for API authentication. This is expected for the stated integration, and the code does not show token logging or unrelated use.
api_token = os.environ.get("NOAH_API_TOKEN", "").strip()
...
"Authorization": f"Bearer {api_token}"
Use a scoped, revocable token if available, and remove or rotate it if you no longer use the skill.
Clinical-trial search terms may be transmitted to Noah's service and may also appear in local logs or agent output streams.
The script sends the structured clinical-trial query to an external Noah API endpoint and prints the query payload to stderr. This is purpose-aligned, but clinical search terms can reveal user interests or health-related context.
api_url = r"https://www.noah.bio/api/skills/clinical_trial_search/"
...
print(f"[INFO] Query payload:\n{json.dumps(payload, indent=2)}", file=sys.stderr)
...
requests.post(api_url, headers=headers, json=payload, timeout=30, allow_redirects=False)
Avoid including unnecessary personal health details in queries, and review Noah's privacy and retention terms before using sensitive searches.
The skill may not run until an additional Python package is installed, and that package installation is outside the declared install flow.
The script depends on the Python requests package and suggests a manual pip install if it is missing, while the provided install information only declares python3. This is a normal dependency pattern but is not captured in an install spec.
try:
    import requests
except ImportError:
    print("[ERROR] Missing dependency: requests\nInstall it with: pip install requests", file=sys.stderr)
Install dependencies from trusted package sources and consider pinning requests in a local environment if you need reproducible setup.
