← Back to Skills Marketplace
raunaksingwi

Sunday

by Raunak Singwi · GitHub ↗ · v1.0.1
cross-platform ⚠ suspicious
764
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install sunday
Description
Agent identity provider — own email address and E2E-encrypted credential vault. Use when storing or retrieving passwords for services, logging into services with stored credentials, checking email inbox, receiving OTP/verification codes via email, signing up for services, getting your agent's email address, or any task where the agent needs its own identity separate from the user's. Replaces 1Password + AgentMail with a single skill — no desktop app, no tmux, fully autonomous.
Usage Guidance
Before installing: verify the Homebrew formula and upstream source (inspect the ravi-technologies tap and the sunday formula); confirm there is a trustworthy project repo and privacy/security documentation. Understand that after you run 'sunday auth login' the CLI will store encryption keys and credentials in ~/.sunday/config.json so the agent can access email and decrypted passwords without further prompts — treat that file as high‑value secret material. If you cannot verify the publisher, avoid installing the binary on a machine with other sensitive data (consider a disposable VM/container). Prefer vendors with a public code repo, audited client-side crypto details, and a clear privacy policy. If you proceed, inspect the installed binary and its config file permissions, and consider isolating the agent (restricted user account, minimal file permissions) to reduce risk of secret exposure.
Capability Analysis
Type: OpenClaw Skill Name: sunday Version: 1.0.1 The skill bundle is benign. It provides clear instructions for an AI agent to manage its own identity, email, and E2E-encrypted credential vault using the `sunday` CLI tool. All commands are transparent, use `--json` for structured output, and are directly aligned with the stated purpose. The `SKILL.md` explicitly guides the agent to use its own identity and vault, not the user's, and emphasizes that credentials are encrypted. There is no evidence of prompt injection, data exfiltration, persistence mechanisms, or other malicious intent within the provided files. The installation of the `sunday` CLI via Homebrew is a standard dependency management practice, and while the external tool itself would require separate auditing for supply chain risks, the skill bundle's instructions are not malicious.
Capability Assessment
Purpose & Capability
The name/description align with the runtime instructions: the SKILL.md shows CLI commands to get an agent email, read inbox, and store/retrieve encrypted passwords. Requiring a 'sunday' binary is consistent. However, the skill writes sensitive state to ~/.sunday/config.json (stores credentials/encryption keys) yet the registry metadata lists no required config paths or primary credential — an inconsistency that should have been declared.
Instruction Scope
SKILL.md instructs interactive login (opens browser, enter 6‑digit PIN) and then states that credentials and encryption keys are stored in ~/.sunday/config.json so subsequent commands run autonomously. The instructions give the agent explicit commands to list inboxes, fetch messages, and decrypt passwords. This is functionally expected for the stated purpose, but it grants autonomous access to highly sensitive data (email, OTPs, passwords) and the file path for those secrets is not declared in the skill manifest.
Install Mechanism
Install is via a Homebrew formula from a third‑party tap (ravi-technologies/tap/sunday). Homebrew itself is a common channel, but the tap is not a widely-known/official upstream and no homepage/source repo is provided in the metadata — you should verify the formula and upstream source before installing. The install type is not an arbitrary URL download, which reduces risk, but trust in the tap is unclear.
Credentials
The skill declares no required environment variables, but it stores encryption keys/credentials client-side in ~/.sunday/config.json and promises no further PIN prompts after initial login. That means the agent (and any process with access to that file) can access the vault persistently. The manifest did not declare this config path or any primary credential, so the degree of persistent secret access is understated in the metadata.
Persistence & Privilege
The skill is not force-installed (always:false) and model invocation is allowed (default). Autonomous invocation combined with stored local keys yields a higher blast radius because the agent can autonomously read inboxes and decrypt passwords without human re‑authentication. This combination is expected for this class of skill but is sensitive — verify you trust the binary and its install location.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install sunday
  3. After installation, invoke the skill by name or use /sunday
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Remove phone/SMS features. Add account setup instructions at sunday.ravi.app.
v0.1.0
Initial release — agent identity provider with email inbox, SMS inbox, and E2E-encrypted credential vault.
v1.0.0
Initial release — agent identity provider with email inbox, SMS inbox, and E2E-encrypted credential vault.
Metadata
Slug sunday
Version 1.0.1
License
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is Sunday?

Agent identity provider — own email address and E2E-encrypted credential vault. Use when storing or retrieving passwords for services, logging into services with stored credentials, checking email inbox, receiving OTP/verification codes via email, signing up for services, getting your agent's email address, or any task where the agent needs its own identity separate from the user's. Replaces 1Password + AgentMail with a single skill — no desktop app, no tmux, fully autonomous. It is an AI Agent Skill for Claude Code / OpenClaw, with 764 downloads so far.

How do I install Sunday?

Run "/install sunday" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Sunday free?

Yes, Sunday is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Sunday support?

Sunday is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Sunday?

It is built and maintained by Raunak Singwi (@raunaksingwi); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments