Improve onboarding

README.md

@@ -14,7 +14,7 @@ SKILLs for the MetaMask Agent CLI. These skills enable AI agents to authenticate
 Install with [Vercel's Skills CLI](https://skills.sh):
 
 ```bash
-npx skills add metaMask/agent-skills
+npx skills add metamask/agent-skills
 ```
 
 Select any one of the SKILLs upon prompt. 

skills/metamask-agent-wallet/references/auth.md

@@ -4,7 +4,26 @@ Use these commands to initialize wallet mode, sign in, inspect authentication st
 
 ## `init` Command
 
-Initialize the project by selecting wallet mode and trading mode.
+Initialize the project by selecting a wallet mode and trading mode.
+
+Wallet modes:
+
+1. Server wallet — Keys are managed and secured server-side. Agents can't access your main wallet. You can define policy controls like outflow limits and protocol whitelists.
+2. Bring your own wallet — Import a seed phrase. Optionally, encrypt on-device with a password. You approve every transaction with your password if encrypted.
+
+Trading modes (server wallet only):
+
+1. Guard mode — Guardrails keep the agent in check. Human approval (2FA) is required for agent wallet transactions outside your policies.
+2. Beast mode — For traders who understand the risks. The agent acts on its own, except when a transaction is flagged as malicious.
+
+|  | Guard mode | Beast mode |
+| --- | --- | --- |
+| Security check | Yes | Yes |
+| Whitelisted protocols | Yes | No |
+| Outflow limit (rolling 24h) | Yes | No |
+| Approval for malicious transactions | Yes | Yes |
+| Approval for protocols not in whitelist | Yes | No |
+| Approval for raising outflow limit | Yes | No |
 
 ### Syntax
 
@@ -58,6 +77,12 @@ mm-dev init show
 
 Sign in to the CLI. Defaults to QR / browser flow.
 
+Sign-in options:
+
+1. Sign in with MetaMask Mobile — Scan the QR code with MetaMask Mobile. The CLI can only access your agent wallet. Approval requests are sent to MetaMask Mobile.
+2. Sign in with Google — Approval requests are sent to your email.
+3. Sign in with email — Approval requests are sent to your email.
+
 ### Syntax
 
 ```bash

skills/metamask-agent-wallet/references/wallet.md

@@ -4,7 +4,19 @@ Use the `wallet` commands to create, list, select, inspect wallets, and check ba
 
 ## `wallet create` Command
 
-Create a new wallet under the authenticated account.
+Create a new wallet under the authenticated account. For server wallets, you select a trading mode:
+
+1. Guard mode — Guardrails keep the agent in check. Human approval (2FA) is required for agent wallet transactions outside your policies.
+2. Beast mode — For traders who understand the risks. The agent acts on its own, except when a transaction is flagged as malicious.
+
+|  | Guard mode | Beast mode |
+| --- | --- | --- |
+| Security check | Yes | Yes |
+| Whitelisted protocols | Yes | No |
+| Outflow limit (rolling 24h) | Yes | No |
+| Approval for malicious transactions | Yes | Yes |
+| Approval for protocols not in whitelist | Yes | No |
+| Approval for raising outflow limit | Yes | No |
 
 ### Syntax
 
@@ -18,7 +30,7 @@ mm-dev wallet create [--chain-namespace <namespace>] [--name <name>] [--trading-
 | --- | --- | --- |
 | `--chain-namespace` | No | Wallet chain namespace: `evm` (EIP-155) or `solana` (allowed: `evm`, `solana`) |
 | `--name` | No | Display name for the wallet |
-| `--trading-mode` | No | Trading mode for server wallets: `guard` (enforces outflow/whitelist policies) or `beast` (skips policy checks). Only applies to server-wallet mode (allowed: `guard`, `beast`) |
+| `--trading-mode` | No | Trading mode for server wallets: `guard` or `beast`. Only applies to server-wallet mode (allowed: `guard`, `beast`) |
 | `--password` | No | Password to unlock the BYOK mnemonic (BYOK mode only) [env: `MM_PASSWORD`] |
 
 ### Example

skills/metamask-agent-wallet/workflows/login.md

@@ -6,13 +6,15 @@ Reference command syntax in `references/auth.md`.
 
 ## Flow
 
-1. Ask the user which login method they want: Google, Email, or QR.
+1. Present login options with descriptions.
 2. Execute login.
 3. Verify with token.
 
 ## Login
 
-QR login (`mm-dev login qr`) does not support `--no-wait`. If the user wants QR, they must complete the login flow themselves.
+Present the sign-in options to the user. See `references/auth.md` for option details.
+
+QR login (`mm-dev login qr`) does not support `--no-wait`. If the user selects QR, they must complete the login flow in the browser.
 
 ```bash
 mm-dev login google --no-wait

skills/metamask-agent-wallet/workflows/onboarding.md

@@ -22,8 +22,9 @@ If this fails, the CLI is not installed. Guide the user to install it before pro
 
 ## Login Flow
 
-Ask the user which login method they want to use: Google, Email, or QR.
-QR login (`mm-dev login qr`) does not support `--no-wait`. If the user wants QR, they must complete the onboarding flow themselves.
+Present the sign-in options to the user. See `references/auth.md` for option details.
+
+QR login (`mm-dev login qr`) does not support `--no-wait`. If the user selects QR, they must complete the login flow in the browser.
 
 ### Login
 
@@ -50,13 +51,7 @@ First check if the project is already initialized:
 mm-dev init show
 ```
 
-If already initialized, skip this step. Otherwise, ask the user which wallet mode they want:
-- `server-wallet` (recommended) — keys are hosted by MetaMask infrastructure. No need to manage private keys or mnemonics.
-- `byok` — bring your own mnemonic. The user manages their own keys locally.
-
-Ask the user which trading mode they want (server-wallet only):
-- `guard` — enforces outflow and whitelist policies. When a policy is violated, the CLI requires MFA confirmation before proceeding.
-- `beast` — skips all policy checks and confirmations. Useful for scripting or experienced users who want faster execution.
+If already initialized, skip this step. Otherwise, ask the user to provision an agent wallet and select a trading mode. See `references/auth.md` for wallet mode and trading mode details.
 
 Server wallet:
 

skills/metamask-agent-workflows/workflows/login.md

@@ -6,13 +6,19 @@ Reference command syntax in `references/auth.md`.
 
 ## Flow
 
-1. Ask the user which login method they want: Google, Email, or QR.
+1. Present login options with descriptions.
 2. Execute login.
 3. Verify with token.
 
 ## Login
 
-QR login (`mm-dev login qr`) does not support `--no-wait`. If the user wants QR, they must complete the login flow themselves.
+Present the following sign-in options to the user:
+
+1. Sign in with MetaMask Mobile — Scan the QR code with MetaMask Mobile. The CLI can only access your agent wallet. Approval requests are sent to MetaMask Mobile.
+2. Sign in with Google — Approval requests are sent to your email.
+3. Sign in with email — Approval requests are sent to your email.
+
+QR login (`mm-dev login qr`) does not support `--no-wait`. If the user selects QR, they must complete the login flow in the browser.
 
 ```bash
 mm-dev login google --no-wait

skills/metamask-agent-workflows/workflows/onboarding.md

@@ -22,8 +22,13 @@ If this fails, the CLI is not installed. Guide the user to install it before pro
 
 ## Login Flow
 
-Ask the user which login method they want to use: Google, Email, or QR.
-QR login (`mm-dev login qr`) does not support `--no-wait`. If the user wants QR, they must complete the onboarding flow themselves.
+Present the following sign-in options to the user:
+
+1. Sign in with MetaMask Mobile — Scan the QR code with MetaMask Mobile. The CLI can only access your agent wallet. Approval requests are sent to MetaMask Mobile.
+2. Sign in with Google — Approval requests are sent to your email.
+3. Sign in with email — Approval requests are sent to your email.
+
+QR login (`mm-dev login qr`) does not support `--no-wait`. If the user selects QR, they must complete the login flow in the browser.
 
 ### Login
 
@@ -50,13 +55,24 @@ First check if the project is already initialized:
 mm-dev init show
 ```
 
-If already initialized, skip this step. Otherwise, ask the user which wallet mode they want:
-- `server-wallet` (recommended) — keys are hosted by MetaMask infrastructure. No need to manage private keys or mnemonics.
-- `byok` — bring your own mnemonic. The user manages their own keys locally.
+If already initialized, skip this step. Otherwise, ask the user to provision an agent wallet:
+
+1. Server wallet — Keys are managed and secured server-side. Agents can't access your main wallet. You can define policy controls like outflow limits and protocol whitelists.
+2. Bring your own wallet — Import a seed phrase. Optionally, encrypt on-device with a password. You approve every transaction with your password if encrypted.
+
+If the user selects `server-wallet`, ask them to choose an operating mode:
 
-Ask the user which trading mode they want (server-wallet only):
-- `guard` — enforces outflow and whitelist policies. When a policy is violated, the CLI requires MFA confirmation before proceeding.
-- `beast` — skips all policy checks and confirmations. Useful for scripting or experienced users who want faster execution.
+1. Guard mode — Guardrails keep the agent in check. Human approval (2FA) is required for agent wallet transactions outside your policies.
+2. Beast mode — For traders who understand the risks. The agent acts on its own, except when a transaction is flagged as malicious.
+
+|  | Guard mode | Beast mode |
+| --- | --- | --- |
+| Security check | Yes | Yes |
+| Whitelisted protocols | Yes | No |
+| Outflow limit (rolling 24h) | Yes | No |
+| Approval for malicious transactions | Yes | Yes |
+| Approval for protocols not in whitelist | Yes | No |
+| Approval for raising outflow limit | Yes | No |
 
 Server wallet:
 
@@ -102,3 +118,10 @@ Confirm the session is authenticated, the wallet mode is correct, and the token
 ```bash
 mm-dev wallet address
 ```
+
+## Get started
+
+After setup completes, prompt the user with the following next steps:
+
+- To view wallet details, run `wallet address` or `wallet balance`.
+- Transfer funds to this wallet address to start trading (skip if you already have a balance).