romainsantoli-web

Firm Medtech Pack

Author: romainsantoli-web · GitHub · v1.0.0
cross-platform ⚠ suspicious
Total downloads: 449 · Favorites: 0 · Current installs: 1 · Versions: 1
Install in OpenClaw
/install firm-medtech-pack
Description
Curated skill bundle for medical device companies, digital health startups and pharma R&D teams. Activates the firm pyramid with RA (Regulatory Affairs), Cli...
Usage instructions (SKILL.md)

firm-medtech-pack

Sector bundle for medical technology & digital health environments.

Activated departments

| Department | Services activated | Focus |
|---|---|---|
| RA | Regulatory Affairs · Compliance Legal | FDA 510(k), CE Marking, MDR |
| Research Development | Research Discovery · R&D Prototyping | Clinical evidence, biomarker research |
| Quality | Compliance Auditing · Reliability · Security | ISO 13485, IEC 62304 |
| Legal | Privacy/Data Protection · IP | HIPAA, patient data, patents |
| Operations | Documentation · SRE/Incident | DHF, adverse event reporting |

Recommended ClawHub skills to install alongside

npx clawhub@latest install academic-research        # PubMed / clinical trial search
npx clawhub@latest install admet-prediction         # Drug candidate ADMET analysis
npx clawhub@latest install pdf-documents            # Clinical study PDF parsing
npx clawhub@latest install arc-security-audit       # 21 CFR Part 11 audit trail
npx clawhub@latest install firm-orchestration       # A2A orchestration backbone

Firm configuration overlay

{
  "agent": {
    "model": "anthropic/claude-opus-4-6",
    "workspace": "~/.openclaw/workspace/medtech-firm"
  },
  "agents": {
    "defaults": {
      "sandbox": { "mode": "non-main" }
    }
  }
}

Prompt: regulatory submission prep

Use firm-orchestration with:
  objective: "Prepare 510(k) substantial equivalence summary for continuous glucose monitor"
  departments: ["ra", "research_development", "quality"]
  constraints: ["FDA guidance K020431 reference", "predicate device: Dexcom G6"]
  definition_of_done: "510(k) summary draft with predicate comparison table"
  delivery_format: "structured_document"

Prompt: adverse event review

Use firm-orchestration with:
  objective: "Classify and triage Q4 adverse event reports against MDR Art. 87"
  departments: ["ra", "quality", "legal"]
  constraints: ["read-only access", "anonymize patient identifiers in output"]
  definition_of_done: "Triage matrix with reportability decisions per event"
  delivery_format: "markdown_report"

Regulatory coverage

| Standard | Department | Service |
|---|---|---|
| FDA 510(k) / PMA | RA | Regulatory Affairs |
| EU MDR 2017/745 | RA + Legal | Regulatory + Privacy |
| ISO 13485:2016 | Quality | Compliance Auditing |
| IEC 62304 | Engineering | AI Engineering |
| HIPAA | Legal | Privacy/Data Protection |
| 21 CFR Part 11 | Quality | Security |
| ISO 14971 | RA + Quality | Risk Management |

Security notes

  • PHI (Protected Health Information): SECURE_PRODUCTION_MODE=true mandatory
  • All outputs must be anonymized: enforce via POLICY_BLOCKED_TOOLS for export
  • Audit trail required by 21 CFR Part 11: AUDIT_ENABLED=true

💎 Support

If this skill is useful to you, you can support its development:

Dogecoin : DQBggqFNWsRNTPb6kkiwppnMo1Hm8edfWq

Security usage recommendations
This skill appears to be a coherent medtech firm bundle, but several important safety controls are only mentioned in prose and not enforced or declared in the metadata. Before installing or using it: (1) verify and require the safety env vars it mentions (SECURE_PRODUCTION_MODE, AUDIT_ENABLED, POLICY_BLOCKED_TOOLS) and confirm where/how they are enforced; (2) review any companion packages the SKILL.md recommends installing (npx ... install) — inspect their source and pinned versions rather than using @latest; (3) confirm the trustworthiness of firm-orchestration and the recommended skills (they will be able to run actions and access workflows); (4) ensure the workspace path and any data the agents will access are appropriately isolated and that anonymization is tested; (5) ask the author to update the skill metadata to declare required env vars and config paths (so the platform can surface them at install time). If you handle PHI, treat this skill as requiring additional vetting and do not deploy in production until the above are resolved.
Functional analysis
Type: OpenClaw Skill · Name: firm-medtech-pack · Version: 1.0.0
The skill bundle is classified as suspicious due to its declaration of powerful tools, specifically `sessions_spawn` and `sessions_send`, within the `SKILL.md` file. While there are no explicit malicious instructions or prompt injections within the provided content, these tools grant the AI agent the capability to execute arbitrary shell commands and send data, respectively. The `firm configuration overlay` also specifies a `non-main` sandbox mode, confirming that the agent will operate with system interaction capabilities, which could be exploited through prompt injection vulnerabilities if the agent is given a malicious prompt by a user. This represents a significant security risk, even if not intentionally malicious within the bundle itself.
Capability assessment
Purpose & Capability
The declared purpose (a firm bundle for RA/Clinical/Quality workflows) matches the prompts and recommended companion skills (firm-orchestration, pdf parsing, audit tools). However the SKILL.md references a persistent workspace (~/.openclaw/workspace/medtech-firm) and enforcement variables (SECURE_PRODUCTION_MODE, AUDIT_ENABLED, POLICY_BLOCKED_TOOLS) that are not declared in the skill metadata, which is an inconsistency between claimed operational needs and the declared requirements.
Instruction Scope
Runtime instructions recommend running npx clawhub@latest install ... (downloading/installing other packages) and reference specific workspace paths and enforcement flags. The skill asks users to enforce anonymization and audit settings but does not provide an automated or declared mechanism to do so. It also lists tools (sessions_send, sessions_spawn, sessions_history) that enable session-level actions — expected for orchestration but worth noting because these increase what the agent can do if invoked.
Install Mechanism
The skill itself has no install spec or code files (instruction-only), which minimizes direct install risk. However it explicitly recommends running npx to install multiple companion skills; those commands will fetch code from registries and should be reviewed before execution. The skill does not pin versions (uses @latest), increasing supply-chain/upgrade risk.
Credentials
The SKILL.md effectively requires operational environment flags for safe PHI handling (SECURE_PRODUCTION_MODE=true, AUDIT_ENABLED=true, POLICY_BLOCKED_TOOLS) but the metadata lists no required env vars or config paths. This mismatch means a user could enable the skill without the necessary safety controls. No secrets are requested, which is good, but the omitted declaration of critical safety settings is problematic given the PHI/regulatory context.
Persistence & Privilege
The skill is not always-enabled and does not request persistent system-wide changes. It lists session-related tools which are reasonable for an orchestration bundle but increase the agent's action surface if the agent is allowed to invoke the skill autonomously. This by itself is not a disqualifying concern, but combined with the other inconsistencies it raises the potential blast radius.
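How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install firm-medtech-pack
  3. Once installation completes, call the Skill by name or trigger it with /firm-medtech-pack
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history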
v1.0.0
Initial release: Curated skill bundle for medical device, digital health, and pharma sectors.
  • Activates firm pyramid with pre-configured agents for RA, Clinical, R&D, and Quality.
  • Focused on FDA/CE compliance, clinical documentation, and pharmacovigilance workflows.
  • Provides example firm configuration overlays and prompt templates for common regulatory tasks.
  • Summarizes relevant regulatory standards and security best practices.
  • Lists recommended complementary skills for research, ADMET analysis, PDF parsing, and compliance.
Metadata
Slug: firm-medtech-pack
Version: 1.0.0
License:
Total installs: 1
Current installs: 1
Number of versions: 1
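Frequently asked questions

What is Firm Medtech Pack?

Curated skill bundle for medical device companies, digital health startups and pharma R&D teams. Activates the firm pyramid with RA (Regulatory Affairs), Cli... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 449 total downloads so far.

How do I install Firm Medtech Pack?

Run the command "/install firm-medtech-pack" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Firm Medtech Pack free?

Yes, Firm Medtech Pack is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does Firm Medtech Pack support?

Firm Medtech Pack runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Firm Medtech Pack?

It is developed and maintained by romainsantoli-web (@romainsantoli-web); the current version is v1.0.0.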
