Ledger DMK Skills
This guide shows you how to install and use the DMK agent skills so your agent can integrate the Device Management Kit (DMK) into your application, with a Ledger device acting as the human-in-the-loop signer. Skills are Markdown instruction sets your agent loads on demand.
DMK skills are in early development. Breaking changes may happen between releases.
Available skills
Maps natural language (“sign a tx”, “find my Ledger”, “is this device real?”) to the right DMK API. Load when the request is ambiguous. Skill ID: dmk-intent-vocabulary.
The main implementation skill. 5-step execution process (Init → Session → Device State → App Management → Operation) with HITL gates, error classification, and timeout bounds. Bundles SDK reference, code patterns, and platform patterns loaded on demand. Skill ID: ledger-dmk-implementation.
Clear Signing, Secure Channel, sessions, transports. Load for conceptual questions, not for implementation work. Skill ID: dmk-business-logic.
Prompting your agent
The implementation skill loads its reference files on demand based on what your prompt mentions. You will get sharper output if you name the platform (web, Node.js CLI, mobile), the transport (WebHID, Bluetooth, USB Speculos), the chain (Ethereum, Bitcoin, Solana, Cosmos), and the operation (derive address, sign transaction, install app).
Minimal WebHID demo:
Build a Vite + React app that connects to a Ledger signer over WebHID, derives an Ethereum address, and verifies it on the device. Trigger discovery from a button click and surface user-rejection errors.
WebHID only runs in Chromium-based browsers, on localhost or HTTPS, and requires a user gesture to start discovery. The skill follows these constraints, but your dev environment must respect them.
Install
Use Skills to install the three skills related to the Ledger DMK:
# Use Skills to install the three skills related to the Ledger DMK
npx skills add ledgerhq/agent-skills -s ledger-dmk-implementation dmk-intent-vocabulary dmk-business-logic
# If Skills is not installed, you will be prompted an install message. Type y to proceed.
Need to install the following packages:
skills@1.5.6
Ok to proceed? (y) Licenses and repository-specific notes live on GitHub: agent-skills.
Next steps
Your agent can now integrate DMK with the right level of guidance for each phase of the build. For DMK behavior and APIs in this portal, see the Device Management Kit how-to and Device Interaction getting started.
Important Legal notice
These DMK Skills are provided by Ledger SAS as developer resources to accelerate integration with the Ledger Device Management Kit. They are provided “as is,” without warranty of any kind, express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, or non-infringement.
Skills encode implementation patterns derived from official Ledger documentation and publicly available source code. They do not constitute a security audit, certification, or endorsement of code, smart contract, or application built using them.
Ledger does not guarantee that outputs generated by these Skills are secure, correct, or free from vulnerabilities. Due to the non-deterministic nature of AI models, you acknowledge outputs may contain errors, inaccuracies, or outdated information. The developer is solely responsible for the security, correctness, and compliance of their code, smart contracts and applications.
The DMK architecture these skills describe is designed to maintain the Ledger device as a final confirmation gate for user operations. Developers building on these skills are responsible for preserving the human-in-the-loop confirmation requirement in their implementations. Removing or circumventing on-device confirmation may expose users to risk.
Use of these skills does not establish any contractual, advisory, partnership, or fiduciary relationship between the developer and Ledger SAS or its affiliates. To the maximum extent permitted by law, Ledger SAS and its affiliates shall not be liable for any direct, indirect, incidental, special, punitive, or consequential damages arising from use of or reliance on these skills, including but not limited to loss of digital assets, unauthorised access, smart contract exploits, or transaction malfunction.
