什么是 Sunday？

Sunday 是一个专门的身份提供者，旨在为 AI 智能体提供独特的身份和安全存储。通过集成此工具，智能体将获得专用邮箱以及用于管理服务凭证的鲁棒 E2E 加密金库。这消除了智能体使用开发者个人邮箱或不安全存储方式的需求，成为需要创建账户或安全登录的 Openclaw Skills 的基石。

与需要图形界面交互或生物识别提示的传统密码管理器不同，Sunday 专为无头环境构建。它处理从接收 OTP 验证码到通过简化 CLI 生成安全密码的所有环节。这确保了您的智能体在初始设置完成后保持完全自主，为任何利用 Openclaw Skills 的自动化工作流提供专业且安全的层级。

下载入口:https://github.com/openclaw/skills/tree/main/skills/raunaksingwi/sunday

安装与下载

1. ClawHub CLI

从源直接安装技能的最快方式。

2. 手动安装

将技能文件夹复制到以下位置之一

优先级：工作区 > 本地 > 内置

3. 提示词安装

将此提示词复制到 OpenClaw 即可自动安装。

Sunday 应用场景

• 使用专用的智能体邮箱而非个人账户注册 Web 服务。
• 接收并提取用于自动化账户激活的 OTP 或验证码。
• 存储并检索加密凭证以实现无需人工干预的自动登录序列。
• 为服务注册和通信维护独立的智能体身份。
• 在账户创建流程中生成加密安全的密码，以维持最佳安全实践。

1. 智能体识别到身份需求（例如遇到注册表单），并通过 CLI 获取其唯一邮箱。
2. 在注册时，智能体生成安全密码并将其存储在 Sunday E2E 加密金库中。
3. 为了进行验证，智能体其专用收件箱中的传入 OTP 码或验证链接。
4. 在后续会话中，智能体使用派生自域名的特定 UUID 检索解密后的凭证。
5. CLI 在本地处理令牌刷新和解密，确保智能体在 Openclaw Skills 生态系统内保持自主。

Sunday 配置指南

创建一个 Sunday 账户并设置您的身份。然后，使用 Homebrew 安装 CLI：

brew install ravi-technologies/tap/sunday

在启动智能体环境之前进行一次 CLI 认证：

sunday auth login

按照浏览器提示操作并输入 6 位加密 PIN 码。认证完成后，验证状态：

sunday auth status

Sunday 数据架构与分类体系

Sunday 使用结构化的本地配置和基于 UUID 的检索系统来组织身份数据和凭证。所有敏感数据在本地加密后存储于 ~/.sunday/config.json。

name: sunday
description: "Agent identity provider — own email address and E2E-encrypted credential vault. Use when storing or retrieving passwords for services, logging into services with stored credentials, checking email inbox, receiving OTP/verification codes via email, signing up for services, getting your agent's email address, or any task where the agent needs its own identity separate from the user's. Replaces 1Password + AgentMail with a single skill — no desktop app, no tmux, fully autonomous."
metadata: {"openclaw": {"emoji": "??", "requires": {"bins": ["sunday"]}, "install": [{"id": "brew", "kind": "brew", "formula": "ravi-technologies/tap/sunday", "bins": ["sunday"], "label": "Install Sunday CLI via Homebrew"}]}}

Sunday

Give your agent its own identity — a dedicated email address and E2E-encrypted credential vault. All in one CLI, no desktop app, no tmux sessions, no biometric prompts. Fully autonomous after one-time setup.

Setup (One Time)

1. Create a Sunday account at sunday.ravi.app. Set up your encryption PIN and create an Identity (this gives your agent its own email address).

2. Install the CLI:

brew install ravi-technologies/tap/sunday

3. Authenticate (run this BEFORE starting OpenClaw):

sunday auth login

This opens a browser for login, then prompts for your 6-digit encryption PIN. After this, credentials and encryption keys are stored in ~/.sunday/config.json — no further prompts needed. All subsequent sunday commands work autonomously.

4. Verify:

sunday auth status

That's it. No desktop app to keep open. No tmux session. No environment variables. Start OpenClaw and your agent has its own identity.

When to Use

• Signing up for a service — use your Sunday email in registration forms
• Receiving OTP or verification codes — check inbox for email codes
• Storing credentials — save username/password for services you've signed up for
• Retrieving credentials — look up stored passwords when logging into a service
• Checking email — read incoming emails to your agent's own address
• Any task needing your own identity — don't use the user's personal email

Your Identity

Get your agent's own email address:

# Get your email address
sunday get email --json
# → {"email": "scout-a1b2c3@sunday.app"}

# Get the account owner's name
sunday get owner --json

Use this when filling out registration forms, not the user's personal email.

Inbox — Reading Email

Unified Inbox

# All messages, newest first
sunday inbox list --json

# Only unread messages
sunday inbox list --unread --json

# Filter to email only
sunday inbox list --type email --json

# Filter by direction
sunday inbox list --direction incoming --json

Email Threads

# List all email threads
sunday inbox email --json

# List only threads with unread messages
sunday inbox email --unread --json

# View a specific thread (all messages in conversation)
sunday inbox email  --json

Individual Messages

# List all email messages (flat, not grouped by thread)
sunday message email --json

# View a specific email by ID
sunday message email  --json

Passwords — E2E Encrypted Credential Vault

All passwords are end-to-end encrypted. The server never sees plaintext credentials. Decryption happens client-side using keys derived from the PIN (entered once during sunday auth login).

Store Credentials After Signup

# Auto-generate a secure password and store it
sunday passwords create example.com --json
# → Generates password, stores encrypted entry, returns UUID

# Store with specific credentials
sunday passwords create example.com --username "scout-a1b2c3@sunday.app" --password "my-secret-pass" --json

# Store with notes
sunday passwords create example.com --username "me@email.com" --password "pass123" --notes "Free tier account" --json

URL inputs are automatically cleaned to domains (e.g., https://mail.google.com/inbox becomes google.com). Username defaults to your Sunday email if not specified. Password is auto-generated if not provided.

Retrieve Credentials

# List all stored passwords (shows domain and username, NOT password)
sunday passwords list --json

# Get full entry with decrypted password
sunday passwords get  --json

Update and Delete

# Update password
sunday passwords edit  --password "new-password" --json

# Update username
sunday passwords edit  --username "new-user@email.com" --json

# Delete entry
sunday passwords delete 

Generate Password Without Storing

# Generate a random password
sunday passwords generate --json

# Custom length
sunday passwords generate --length 24 --json

# No special characters (for sites that restrict them)
sunday passwords generate --no-special --json

# Exclude specific characters
sunday passwords generate --exclude-chars "!@#" --json

Workflows

Signing Up for a New Service

# 1. Get your Sunday email
EMAIL=$(sunday get email --json | jq -r '.email')

# 2. Fill out the signup form with $EMAIL

# 3. Generate and store credentials
sunday passwords create theservice.com --json

# 4. Wait for verification email
sleep 10
sunday inbox list --unread --json

# 5. Extract verification link or code from email
sunday inbox email --unread --json

Logging Into a Service

# 1. Look up credentials
sunday passwords list --json
# Find the entry for the target domain

# 2. Get the full credentials
sunday passwords get  --json
# Returns decrypted username and password

# 3. If 2FA is required, check inbox for the code
sleep 5
sunday inbox list --type email --unread --json

Checking for OTP Codes

# After triggering a verification, wait then check
sleep 5

# Check email for verification links or codes
sunday inbox email --unread --json

# Unified check
sunday inbox list --unread --json

Important Notes

• Always use --json for all commands. This gives structured output you can parse reliably.
• This is YOUR identity, not the user's. Never use the user's personal email. Always use sunday get email for your own address.
• Credentials are encrypted. You cannot read raw password values from disk or memory files. Always use sunday passwords get to retrieve them.
• Inbox is read-only. You can receive and read email but cannot send email through Sunday.
• Token auto-refreshes. If you get an auth error, try the command again — the token refreshes automatically. If it persists, the user needs to re-run sunday auth login.