Firm Medtech Pack

by romainsantoli-web · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
Downloads: 449 · Stars: 0 · Active Installs: 1 · Versions: 1
Install in OpenClaw
/install firm-medtech-pack
Description
Curated skill bundle for medical device companies, digital health startups and pharma R&D teams. Activates the firm pyramid with RA (Regulatory Affairs), Cli...
README (SKILL.md)

firm-medtech-pack

Sector bundle for medical technology & digital health environments.

Activated departments

| Department | Services activated | Focus |
|---|---|---|
| RA | Regulatory Affairs · Compliance Legal | FDA 510(k), CE Marking, MDR |
| Research Development | Research Discovery · R&D Prototyping | Clinical evidence, biomarker research |
| Quality | Compliance Auditing · Reliability · Security | ISO 13485, IEC 62304 |
| Legal | Privacy/Data Protection · IP | HIPAA, patient data, patents |
| Operations | Documentation · SRE/Incident | DHF, adverse event reporting |

Recommended ClawHub skills to install alongside

npx clawhub@latest install academic-research        # PubMed / clinical trial search
npx clawhub@latest install admet-prediction         # Drug candidate ADMET analysis
npx clawhub@latest install pdf-documents            # Clinical study PDF parsing
npx clawhub@latest install arc-security-audit       # 21 CFR Part 11 audit trail
npx clawhub@latest install firm-orchestration       # A2A orchestration backbone

Firm configuration overlay

{
  "agent": {
    "model": "anthropic/claude-opus-4-6",
    "workspace": "~/.openclaw/workspace/medtech-firm"
  },
  "agents": {
    "defaults": {
      "sandbox": { "mode": "non-main" }
    }
  }
}

Prompt: regulatory submission prep

Use firm-orchestration with:
  objective: "Prepare 510(k) substantial equivalence summary for continuous glucose monitor"
  departments: ["ra", "research_development", "quality"]
  constraints: ["FDA guidance K020431 reference", "predicate device: Dexcom G6"]
  definition_of_done: "510(k) summary draft with predicate comparison table"
  delivery_format: "structured_document"

Prompt: adverse event review

Use firm-orchestration with:
  objective: "Classify and triage Q4 adverse event reports against MDR Art. 87"
  departments: ["ra", "quality", "legal"]
  constraints: ["read-only access", "anonymize patient identifiers in output"]
  definition_of_done: "Triage matrix with reportability decisions per event"
  delivery_format: "markdown_report"

Regulatory coverage

| Standard | Department | Service |
|---|---|---|
| FDA 510(k) / PMA | RA | Regulatory Affairs |
| EU MDR 2017/745 | RA + Legal | Regulatory + Privacy |
| ISO 13485:2016 | Quality | Compliance Auditing |
| IEC 62304 | Engineering | AI Engineering |
| HIPAA | Legal | Privacy/Data Protection |
| 21 CFR Part 11 | Quality | Security |
| ISO 14971 | RA + Quality | Risk Management |

Security notes

  • PHI (Protected Health Information): SECURE_PRODUCTION_MODE=true mandatory
  • All outputs must be anonymized: enforce via POLICY_BLOCKED_TOOLS for export
  • Audit trail required by 21 CFR Part 11: AUDIT_ENABLED=true

💎 Support

If this skill is useful to you, you can support its development:

Dogecoin : DQBggqFNWsRNTPb6kkiwppnMo1Hm8edfWq

Usage Guidance
This skill appears to be a coherent medtech firm bundle, but several important safety controls are only mentioned in prose and not enforced or declared in the metadata. Before installing or using it:
  1. Verify and require the safety env vars it mentions (SECURE_PRODUCTION_MODE, AUDIT_ENABLED, POLICY_BLOCKED_TOOLS) and confirm where/how they are enforced.
  2. Review any companion packages the SKILL.md recommends installing (npx ... install) — inspect their source and pinned versions rather than using @latest.
  3. Confirm the trustworthiness of firm-orchestration and the recommended skills (they will be able to run actions and access workflows).
  4. Ensure the workspace path and any data the agents will access are appropriately isolated and that anonymization is tested.
  5. Ask the author to update the skill metadata to declare required env vars and config paths (so the platform can surface them at install time).
If you handle PHI, treat this skill as requiring additional vetting and do not deploy in production until the above are resolved.
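The first two checks in this guidance can be run mechanically before install. The script below is an added example, not code from the skill, its author or OpenClaw: it flags companion installs that use an unpinned clawhub CLI and reports which of the three safety variables are unset or wrong in a given environment. It only confirms the variables are present, not that anything enforces them; the function names, the sample input and the 1.2.3 version are assumptions made for illustration.

```python
import re

# Variables named in the README's "Security notes". POLICY_BLOCKED_TOOLS has no
# documented value format on the page, so it is only required to be non-empty.
REQUIRED_ENV = {
    "SECURE_PRODUCTION_MODE": "true",
    "AUDIT_ENABLED": "true",
    "POLICY_BLOCKED_TOOLS": None,
}

# Matches companion installs such as: npx clawhub@latest install pdf-documents
INSTALL_RE = re.compile(
    r"npx\s+clawhub(?:@(?P<cli>\S+))?\s+install\s+(?P<skill>\S+)")


def unpinned_installs(skill_md):
    """Return (skill, tag) for installs that run an unpinned clawhub CLI."""
    return [(m.group("skill"), m.group("cli") or "unversioned")
            for m in INSTALL_RE.finditer(skill_md)
            if m.group("cli") in (None, "latest")]


def missing_controls(env):
    """Return the safety variables that are unset or hold the wrong value."""
    problems = []
    for name, expected in REQUIRED_ENV.items():
        value = env.get(name, "").strip()
        if not value or (expected is not None and value.lower() != expected):
            problems.append(name)
    return problems


def preflight(skill_md, env):
    """Run both checks; 'ok' is True only when nothing was flagged."""
    report = {"unpinned": unpinned_installs(skill_md),
              "env": missing_controls(env)}
    report["ok"] = not report["unpinned"] and not report["env"]
    return report


# Constructed sample: two install lines from the README plus a hypothetical
# pinned form (version 1.2.3 is made up), and an incomplete environment.
SAMPLE_MD = """\
npx clawhub@latest install pdf-documents            # Clinical study PDF parsing
npx clawhub@latest install firm-orchestration       # A2A orchestration backbone
npx clawhub@1.2.3 install arc-security-audit
"""
SAMPLE_ENV = {"SECURE_PRODUCTION_MODE": "true", "AUDIT_ENABLED": "false"}

if __name__ == "__main__":
    print(preflight(SAMPLE_MD, SAMPLE_ENV))
```

Pass `dict(os.environ)` as `env` to check the shell the agent will actually be started from.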
Capability Analysis
Type: OpenClaw Skill
Name: firm-medtech-pack
Version: 1.0.0
The skill bundle is classified as suspicious due to its declaration of powerful tools, specifically `sessions_spawn` and `sessions_send`, within the `SKILL.md` file. While there are no explicit malicious instructions or prompt injections within the provided content, these tools grant the AI agent the capability to execute arbitrary shell commands and send data, respectively. The `firm configuration overlay` also specifies a `non-main` sandbox mode, confirming that the agent will operate with system interaction capabilities, which could be exploited through prompt injection vulnerabilities if the agent is given a malicious prompt by a user. This represents a significant security risk, even if not intentionally malicious within the bundle itself.
Capability Assessment
Purpose & Capability
The declared purpose (a firm bundle for RA/Clinical/Quality workflows) matches the prompts and recommended companion skills (firm-orchestration, pdf parsing, audit tools). However the SKILL.md references a persistent workspace (~/.openclaw/workspace/medtech-firm) and enforcement variables (SECURE_PRODUCTION_MODE, AUDIT_ENABLED, POLICY_BLOCKED_TOOLS) that are not declared in the skill metadata, which is an inconsistency between claimed operational needs and the declared requirements.
Instruction Scope
Runtime instructions recommend running npx clawhub@latest install ... (downloading/installing other packages) and reference specific workspace paths and enforcement flags. The skill asks users to enforce anonymization and audit settings but does not provide an automated or declared mechanism to do so. It also lists tools (sessions_send, sessions_spawn, sessions_history) that enable session-level actions — expected for orchestration but worth noting because these increase what the agent can do if invoked.
Install Mechanism
The skill itself has no install spec or code files (instruction-only), which minimizes direct install risk. However it explicitly recommends running npx to install multiple companion skills; those commands will fetch code from registries and should be reviewed before execution. The skill does not pin versions (uses @latest), increasing supply-chain/upgrade risk.
Credentials
The SKILL.md effectively requires operational environment flags for safe PHI handling (SECURE_PRODUCTION_MODE=true, AUDIT_ENABLED=true, POLICY_BLOCKED_TOOLS) but the metadata lists no required env vars or config paths. This mismatch means a user could enable the skill without the necessary safety controls. No secrets are requested, which is good, but the omitted declaration of critical safety settings is problematic given the PHI/regulatory context.
Persistence & Privilege
The skill is not always-enabled and does not request persistent system-wide changes. It lists session-related tools which are reasonable for an orchestration bundle but increase the agent's action surface if the agent is allowed to invoke the skill autonomously. This by itself is not a disqualifying concern, but combined with the other inconsistencies it raises the potential blast radius.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install firm-medtech-pack
  3. After installation, invoke the skill by name or use /firm-medtech-pack
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: Curated skill bundle for medical device, digital health, and pharma sectors.
  • Activates firm pyramid with pre-configured agents for RA, Clinical, R&D, and Quality.
  • Focused on FDA/CE compliance, clinical documentation, and pharmacovigilance workflows.
  • Provides example firm configuration overlays and prompt templates for common regulatory tasks.
  • Summarizes relevant regulatory standards and security best practices.
  • Lists recommended complementary skills for research, ADMET analysis, PDF parsing, and compliance.
Metadata
Slug firm-medtech-pack
Version 1.0.0
License
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Firm Medtech Pack?

Curated skill bundle for medical device companies, digital health startups and pharma R&D teams. Activates the firm pyramid with RA (Regulatory Affairs), Cli... It is an AI Agent Skill for Claude Code / OpenClaw, with 449 downloads so far.

How do I install Firm Medtech Pack?

Run "/install firm-medtech-pack" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Firm Medtech Pack free?

Yes, Firm Medtech Pack is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Firm Medtech Pack support?

Firm Medtech Pack is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Firm Medtech Pack?

It is built and maintained by romainsantoli-web (@romainsantoli-web); the current version is v1.0.0.
