← 返回 Skills 市场
Sunday
作者
Raunak Singwi
· GitHub ↗
· v1.0.1
764
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install sunday
功能描述
Agent identity provider — own email address and E2E-encrypted credential vault. Use when storing or retrieving passwords for services, logging into services with stored credentials, checking email inbox, receiving OTP/verification codes via email, signing up for services, getting your agent's email address, or any task where the agent needs its own identity separate from the user's. Replaces 1Password + AgentMail with a single skill — no desktop app, no tmux, fully autonomous.
安全使用建议
Before installing: verify the Homebrew formula and upstream source (inspect the ravi-technologies tap and the sunday formula); confirm there is a trustworthy project repo and privacy/security documentation. Understand that after you run 'sunday auth login' the CLI will store encryption keys and credentials in ~/.sunday/config.json so the agent can access email and decrypted passwords without further prompts — treat that file as high‑value secret material. If you cannot verify the publisher, avoid installing the binary on a machine with other sensitive data (consider a disposable VM/container). Prefer vendors with a public code repo, audited client-side crypto details, and a clear privacy policy. If you proceed, inspect the installed binary and its config file permissions, and consider isolating the agent (restricted user account, minimal file permissions) to reduce risk of secret exposure.
功能分析
Type: OpenClaw Skill
Name: sunday
Version: 1.0.1
The skill bundle is benign. It provides clear instructions for an AI agent to manage its own identity, email, and E2E-encrypted credential vault using the `sunday` CLI tool. All commands are transparent, use `--json` for structured output, and are directly aligned with the stated purpose. The `SKILL.md` explicitly guides the agent to use its own identity and vault, not the user's, and emphasizes that credentials are encrypted. There is no evidence of prompt injection, data exfiltration, persistence mechanisms, or other malicious intent within the provided files. The installation of the `sunday` CLI via Homebrew is a standard dependency management practice, and while the external tool itself would require separate auditing for supply chain risks, the skill bundle's instructions are not malicious.
能力评估
Purpose & Capability
The name/description align with the runtime instructions: the SKILL.md shows CLI commands to get an agent email, read inbox, and store/retrieve encrypted passwords. Requiring a 'sunday' binary is consistent. However, the skill writes sensitive state to ~/.sunday/config.json (stores credentials/encryption keys) yet the registry metadata lists no required config paths or primary credential — an inconsistency that should have been declared.
Instruction Scope
SKILL.md instructs interactive login (opens browser, enter 6‑digit PIN) and then states that credentials and encryption keys are stored in ~/.sunday/config.json so subsequent commands run autonomously. The instructions give the agent explicit commands to list inboxes, fetch messages, and decrypt passwords. This is functionally expected for the stated purpose, but it grants autonomous access to highly sensitive data (email, OTPs, passwords) and the file path for those secrets is not declared in the skill manifest.
Install Mechanism
Install is via a Homebrew formula from a third‑party tap (ravi-technologies/tap/sunday). Homebrew itself is a common channel, but the tap is not a widely-known/official upstream and no homepage/source repo is provided in the metadata — you should verify the formula and upstream source before installing. The install type is not an arbitrary URL download, which reduces risk, but trust in the tap is unclear.
Credentials
The skill declares no required environment variables, but it stores encryption keys/credentials client-side in ~/.sunday/config.json and promises no further PIN prompts after initial login. That means the agent (and any process with access to that file) can access the vault persistently. The manifest did not declare this config path or any primary credential, so the degree of persistent secret access is understated in the metadata.
Persistence & Privilege
The skill is not force-installed (always:false) and model invocation is allowed (default). Autonomous invocation combined with stored local keys yields a higher blast radius because the agent can autonomously read inboxes and decrypt passwords without human re‑authentication. This combination is expected for this class of skill but is sensitive — verify you trust the binary and its install location.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install sunday - 安装完成后,直接呼叫该 Skill 的名称或使用
/sunday触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Remove phone/SMS features. Add account setup instructions at sunday.ravi.app.
v0.1.0
Initial release — agent identity provider with email inbox, SMS inbox, and E2E-encrypted credential vault.
v1.0.0
Initial release — agent identity provider with email inbox, SMS inbox, and E2E-encrypted credential vault.
元数据
常见问题
Sunday 是什么?
Agent identity provider — own email address and E2E-encrypted credential vault. Use when storing or retrieving passwords for services, logging into services with stored credentials, checking email inbox, receiving OTP/verification codes via email, signing up for services, getting your agent's email address, or any task where the agent needs its own identity separate from the user's. Replaces 1Password + AgentMail with a single skill — no desktop app, no tmux, fully autonomous. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 764 次。
如何安装 Sunday?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install sunday」即可一键安装,无需额外配置。
Sunday 是免费的吗?
是的,Sunday 完全免费(开源免费),可自由下载、安装和使用。
Sunday 支持哪些平台?
Sunday 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Sunday?
由 Raunak Singwi(@raunaksingwi)开发并维护,当前版本 v1.0.1。
推荐 Skills