Local Healthcare Agent on DGX Station

Basic idea

This playbook deploys a healthcare AI agent system on your DGX Station. Six agents (one coordinator and five specialists) query patient records, identify clinical care gaps, and predict 3D protein structures. LLM inference (Nemotron 3 Super) and protein-structure prediction (OpenFold3) run on the local GPU, and patient data never passes through a hosted LLM, OpenFold3, or PubChem. An OpenShell sandbox enforces implicit-deny networking, so only a small whitelist of external endpoints — the SMART Health IT FHIR test server, PubChem reference lookups, and viewer CDNs — is reachable for read-only metadata and front-end assets. See the Security table below for the full allowed-endpoint list.

Clinical knowledge lives in editable Markdown skill files. Change a lab threshold, add a drug to a classification list, or update a quality measure definition — it takes effect on the next query, no retraining required.

How it works

The system has four layers.

Inference — Nemotron 3 Super (120B MoE) runs locally via Ollama in a Docker container on the DGX Station GPU. No cloud APIs, no data transfer. Inside the sandbox, agents call inference.local, a virtual hostname that OpenShell routes to Ollama over the Docker bridge network.

Orchestration — OpenClaw coordinates five specialist agents. The coordinator receives the user's question, writes and executes Python scripts directly, and delegates to specialists when the query spans multiple domains.

Agent	Role	Example
Coordinator	Receives questions, writes Python, executes analysis	"Find all diabetic patients and get their latest HbA1c"
patient-data	Finds patients, retrieves demographics and conditions	"Look up patient Aaron697"
labs-vitals	Lab results, vitals, blood pressure (component observations)	"Get their latest eGFR and potassium"
medications	Active prescriptions, drug class matching	"Which patients are on an ACE inhibitor?"
analyst	Python analysis, care gaps, CMS quality measures, charts	"Generate a histogram of A1c values"
molecular	3D protein-ligand visualization via OpenFold3 + PubChem	"Show atorvastatin bound to its target"

Knowledge — Editable Markdown skill files provide clinical context that agents read at query time. For example, from skills/clinical-knowledge/SKILL.md:

Lab	Normal	Concerning	Notes
HbA1c	< 7.0% (diabetic target)	> 9.0% = poor control	ADA 2024 guidelines
eGFR	> 90	< 60 = moderate CKD	CKD-EPI 2021 equation
BP	< 120/80	≥ 140/90 = uncontrolled HTN	ACC/AHA 2024

Change 9.0% to 8.5% and the next care gap query uses the stricter threshold. Other editable items include LOINC lab codes (fhir-basics), SNOMED condition codes, drug classification lists, and CMS quality measure definitions (clinical-knowledge).

Security — OpenShell enforces an implicit-deny sandbox. Only these endpoints are reachable:

Rule	Target	Purpose
LLM inference	`https://inference.local` (port 443)	Routed to Ollama (never leaves the machine). HTTPS only — plain `http://inference.local` is denied.
FHIR data	`r4.smarthealthit.org`	Patient data queries (read-only)
PubChem	`pubchem.ncbi.nlm.nih.gov`	Drug SMILES lookup (read-only)
OpenFold3	Docker bridge IP, port 8000	Protein structure prediction
CDN	`code.jquery.com`, `3dmol.org`, `unpkg.com`	JavaScript for 3D viewers (read-only)
Everything else	`*`	Denied

NOTE

Additional rules for GitHub, npm, and PyPI are included for build dependencies during sandbox setup. These are setup-only and not used at runtime.

Patient data flows from FHIR → sandbox → Python execution. It never passes through the LLM, OpenFold3, or PubChem.

What you'll accomplish

By the end of this playbook you will have six healthcare agents running inside a sandboxed environment on your DGX Station, with local inference, editable clinical knowledge, and verified network isolation.

Serve Nemotron 3 Super (120B MoE) locally via Ollama
Deploy six agents (coordinator + five specialists) with OpenClaw inside an OpenShell sandbox
Query FHIR patient data, identify care gaps, and generate charts
Predict 3D protein structures using OpenFold3 NIM
Edit a skill file and see the change take effect immediately
Verify implicit-deny networking — confirm unauthorized endpoints are blocked

What to know before starting

Basic use of the Linux terminal and SSH
Familiarity with Docker (docker run, docker compose)
Domain knowledge is not required — the skill files provide clinical context so the LLM does not need medical fine-tuning

Prerequisites

Hardware Requirements:

NVIDIA Grace Blackwell GB300 Ultra Superchip System (DGX Station)
A single GPU with at least 150 GB free GPU memory to host Nemotron 3 Super (~94 GB resident) plus OpenFold3 (~40–80 GB on-demand). On dual-GPU stations (e.g., RTX PRO 6000 + GB300), target the GB300; the RTX PRO 6000's 98 GB is too small to load Nemotron 3 Super safely.
At least 200 GB available storage on / for model downloads and containers (86 GB Ollama model + ~10 GB Docker images + working space). Verify with df -h / before starting.

Software Requirements:

Docker with NVIDIA Container Toolkit: docker info --format '{{.ServerVersion}}'
Node.js v22+: node --version (DGX Station ships with v18 — see Step 1 of instructions.md for upgrade)
OpenShell CLI >= 0.0.33: openshell --version (binary installs to ~/.local/bin/openshell — add to PATH; see Step 1 of instructions.md)
NVIDIA NGC API key from ngc.nvidia.com (free) and Docker authentication for nvcr.io (docker login nvcr.io) so the OpenFold3 NIM image pull succeeds — see Step 2 of instructions.md
Network access to nvcr.io (NGC registry), ollama.com (model downloads), and r4.smarthealthit.org (FHIR data server)
Web browser access to http://<STATION_IP>:18789

NOTE

This playbook runs Ollama as a Docker container; you do not need to install Ollama on the host. If host Ollama is already running (e.g., from the NemoClaw playbook), stop it before Step 3 of instructions.md to free port 11434, or override OLLAMA_PORT in .env.

If Docker, the NVIDIA runtime, or OpenShell are not yet installed, complete the NemoClaw playbook (nvidia/station-nemoclaw/instructions.md) Steps 1–4 first (~30–45 minutes).

Ancillary files

All assets are bundled in the assets/ directory of this playbook, copied to the DGX Station in Step 2.

Makefile — One-command operations: make up, make setup, make check, make test
sandbox-policy.yaml — OpenShell network policy (L7 endpoint whitelist)
skills/ — Editable Markdown skill files the agents read at query time
agents/ — Specialist agent definitions (one .md per agent)
docker-compose.yml — Ollama and OpenFold3 NIM services

Supporting scripts (setup_sandbox.sh, check_sandbox_config.sh, build_viewer.py) are called by the Makefile.

Time & risk

Estimated time: ~60 minutes on first run (dominated by the ~86 GB Nemotron 3 Super model download). Under 5 minutes on subsequent runs with the model cached. Active hands-on time is ~15 minutes.
Risk level: Medium — agents execute Python code inside an OpenShell sandbox. Filesystem, network, and process access are restricted. Use a clean environment for the demo.
- Large model downloads (~86 GB) may fail on slow or unstable connections
- OpenFold3 NIM takes ~3 minutes to load — the healthcheck waits automatically
Rollback: openshell sandbox delete clinical-sandbox, make down, make clean (see Cleanup in Instructions).
Last Updated: 05/06/2026
- Refocused positioning on secure local agent workflows
- Added architecture section with agent descriptions and skill file examples
- Addressed VDR feedback: documented host-Ollama port conflict, NGC docker login, multi-GPU pinning, Node.js v22 upgrade, and other infrastructure setup gaps

Notice and disclaimers

Quick start safety check

Use only a clean environment. Run this demo on a fresh device or VM with no personal data, confidential information, or sensitive credentials. Keep it isolated like a sandbox.

By installing this demo, you accept responsibility for all third-party components, including reviewing their licenses, terms, and security posture. Read and accept before you install or use.

What you're getting

This experience is provided "AS IS" for demonstration purposes only — no warranties, no guarantees. This is a demo, not a production-ready solution. It is not a regulated medical device. Test data is synthetic (Synthea). All clinical decisions must be made by qualified clinicians.

Key risks with AI agents

Data leakage — Any materials the agent accesses could be exposed, leaked, or stolen.
Malicious code execution — The agent or its connected tools could expose your system to malicious code or cyber-attacks.
Unintended actions — The agent might modify or delete files, send messages, or access services without explicit approval.
Prompt injection and manipulation — External inputs or connected content could hijack the agent's behavior in unexpected ways.

Participant acknowledgement

By participating in this demo, you acknowledge that you are solely responsible for your configuration and for any data, accounts, and tools you connect. To the maximum extent permitted by law, NVIDIA is not responsible for any loss of data, device damage, security incidents, or other harm arising from your configuration or use of these demo materials, including OpenClaw or any connected tools or services.

Basic idea

How it works

The system has four layers.

Agent	Role	Example
Coordinator	Receives questions, writes Python, executes analysis	"Find all diabetic patients and get their latest HbA1c"
patient-data	Finds patients, retrieves demographics and conditions	"Look up patient Aaron697"
labs-vitals	Lab results, vitals, blood pressure (component observations)	"Get their latest eGFR and potassium"
medications	Active prescriptions, drug class matching	"Which patients are on an ACE inhibitor?"
analyst	Python analysis, care gaps, CMS quality measures, charts	"Generate a histogram of A1c values"
molecular	3D protein-ligand visualization via OpenFold3 + PubChem	"Show atorvastatin bound to its target"

Knowledge — Editable Markdown skill files provide clinical context that agents read at query time. For example, from skills/clinical-knowledge/SKILL.md:

Lab	Normal	Concerning	Notes
HbA1c	< 7.0% (diabetic target)	> 9.0% = poor control	ADA 2024 guidelines
eGFR	> 90	< 60 = moderate CKD	CKD-EPI 2021 equation
BP	< 120/80	≥ 140/90 = uncontrolled HTN	ACC/AHA 2024

Security — OpenShell enforces an implicit-deny sandbox. Only these endpoints are reachable:

Rule	Target	Purpose
LLM inference	`https://inference.local` (port 443)	Routed to Ollama (never leaves the machine). HTTPS only — plain `http://inference.local` is denied.
FHIR data	`r4.smarthealthit.org`	Patient data queries (read-only)
PubChem	`pubchem.ncbi.nlm.nih.gov`	Drug SMILES lookup (read-only)
OpenFold3	Docker bridge IP, port 8000	Protein structure prediction
CDN	`code.jquery.com`, `3dmol.org`, `unpkg.com`	JavaScript for 3D viewers (read-only)
Everything else	`*`	Denied

NOTE

Additional rules for GitHub, npm, and PyPI are included for build dependencies during sandbox setup. These are setup-only and not used at runtime.

Patient data flows from FHIR → sandbox → Python execution. It never passes through the LLM, OpenFold3, or PubChem.

What you'll accomplish

Serve Nemotron 3 Super (120B MoE) locally via Ollama
Deploy six agents (coordinator + five specialists) with OpenClaw inside an OpenShell sandbox
Query FHIR patient data, identify care gaps, and generate charts
Predict 3D protein structures using OpenFold3 NIM
Edit a skill file and see the change take effect immediately
Verify implicit-deny networking — confirm unauthorized endpoints are blocked

What to know before starting

Basic use of the Linux terminal and SSH
Familiarity with Docker (docker run, docker compose)
Domain knowledge is not required — the skill files provide clinical context so the LLM does not need medical fine-tuning

Prerequisites

Hardware Requirements:

NVIDIA Grace Blackwell GB300 Ultra Superchip System (DGX Station)
A single GPU with at least 150 GB free GPU memory to host Nemotron 3 Super (~94 GB resident) plus OpenFold3 (~40–80 GB on-demand). On dual-GPU stations (e.g., RTX PRO 6000 + GB300), target the GB300; the RTX PRO 6000's 98 GB is too small to load Nemotron 3 Super safely.
At least 200 GB available storage on / for model downloads and containers (86 GB Ollama model + ~10 GB Docker images + working space). Verify with df -h / before starting.

Software Requirements:

Docker with NVIDIA Container Toolkit: docker info --format '{{.ServerVersion}}'
Node.js v22+: node --version (DGX Station ships with v18 — see Step 1 of instructions.md for upgrade)
OpenShell CLI >= 0.0.33: openshell --version (binary installs to ~/.local/bin/openshell — add to PATH; see Step 1 of instructions.md)
NVIDIA NGC API key from ngc.nvidia.com (free) and Docker authentication for nvcr.io (docker login nvcr.io) so the OpenFold3 NIM image pull succeeds — see Step 2 of instructions.md
Network access to nvcr.io (NGC registry), ollama.com (model downloads), and r4.smarthealthit.org (FHIR data server)
Web browser access to http://<STATION_IP>:18789

NOTE

If Docker, the NVIDIA runtime, or OpenShell are not yet installed, complete the NemoClaw playbook (nvidia/station-nemoclaw/instructions.md) Steps 1–4 first (~30–45 minutes).

Ancillary files

All assets are bundled in the assets/ directory of this playbook, copied to the DGX Station in Step 2.

Makefile — One-command operations: make up, make setup, make check, make test
sandbox-policy.yaml — OpenShell network policy (L7 endpoint whitelist)
skills/ — Editable Markdown skill files the agents read at query time
agents/ — Specialist agent definitions (one .md per agent)
docker-compose.yml — Ollama and OpenFold3 NIM services

Supporting scripts (setup_sandbox.sh, check_sandbox_config.sh, build_viewer.py) are called by the Makefile.

Time & risk

Estimated time: ~60 minutes on first run (dominated by the ~86 GB Nemotron 3 Super model download). Under 5 minutes on subsequent runs with the model cached. Active hands-on time is ~15 minutes.
Risk level: Medium — agents execute Python code inside an OpenShell sandbox. Filesystem, network, and process access are restricted. Use a clean environment for the demo.
- Large model downloads (~86 GB) may fail on slow or unstable connections
- OpenFold3 NIM takes ~3 minutes to load — the healthcheck waits automatically
Rollback: openshell sandbox delete clinical-sandbox, make down, make clean (see Cleanup in Instructions).
Last Updated: 05/06/2026
- Refocused positioning on secure local agent workflows
- Added architecture section with agent descriptions and skill file examples
- Addressed VDR feedback: documented host-Ollama port conflict, NGC docker login, multi-GPU pinning, Node.js v22 upgrade, and other infrastructure setup gaps

Notice and disclaimers

Quick start safety check

Use only a clean environment. Run this demo on a fresh device or VM with no personal data, confidential information, or sensitive credentials. Keep it isolated like a sandbox.

By installing this demo, you accept responsibility for all third-party components, including reviewing their licenses, terms, and security posture. Read and accept before you install or use.

What you're getting

Key risks with AI agents

Data leakage — Any materials the agent accesses could be exposed, leaked, or stolen.
Malicious code execution — The agent or its connected tools could expose your system to malicious code or cyber-attacks.
Unintended actions — The agent might modify or delete files, send messages, or access services without explicit approval.
Prompt injection and manipulation — External inputs or connected content could hijack the agent's behavior in unexpected ways.

Local Healthcare Agent on DGX Station

Basic idea

How it works

What you'll accomplish

What to know before starting

Prerequisites

Ancillary files

Time & risk

Notice and disclaimers

Quick start safety check

What you're getting

Key risks with AI agents

Participant acknowledgement

Resources

Local Healthcare Agent on DGX Station

Basic idea

How it works

What you'll accomplish

What to know before starting

Prerequisites

Ancillary files

Time & risk

Notice and disclaimers

Quick start safety check

What you're getting

Key risks with AI agents

Participant acknowledgement

Resources