NoahAI clinical-trial query
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing and using the skill requires trusting the Noah API service with a valid API token.
The skill requires a Noah API token and sends it as a bearer token for API authentication. This is expected for the stated integration, and the code does not show token logging or unrelated use.
api_token = os.environ.get("NOAH_API_TOKEN", "").strip()
...
"Authorization": f"Bearer {api_token}"Use a scoped, revocable token if available, and remove or rotate it if you no longer use the skill.
Clinical-trial search terms may be transmitted to Noah's service and may also appear in local logs or agent output streams.
The script sends the structured clinical-trial query to an external Noah API endpoint and prints the query payload to stderr. This is purpose-aligned, but clinical search terms can reveal user interests or health-related context.
api_url = r"https://www.noah.bio/api/skills/clinical_trial_search/"
...
print(f"[INFO] Query payload:\n{json.dumps(payload, indent=2)}", file=sys.stderr)
...
requests.post(api_url, headers=headers, json=payload, timeout=30, allow_redirects=False)Avoid including unnecessary personal health details in queries, and review Noah's privacy and retention terms before using sensitive searches.
The skill may not run until an additional Python package is installed, and that package installation is outside the declared install flow.
The script depends on the Python requests package and suggests a manual pip install if it is missing, while the provided install information only declares python3. This is a normal dependency pattern but is not captured in an install spec.
try:
import requests
except ImportError:
print("[ERROR] Missing dependency: requests\nInstall it with: pip install requests", file=sys.stderr)Install dependencies from trusted package sources and consider pinning requests in a local environment if you need reproducible setup.