Sunday

Warn

Audited by ClawScan on May 10, 2026.

Overview

Sunday is a coherent identity and credential-vault skill, but it gives the agent unattended access to email, OTPs, and decrypted passwords after one login.

Install only if you intentionally want the agent to have its own autonomous email identity and credential vault. Use it with a dedicated agent-only account, avoid storing personal or high-value credentials, and require explicit confirmation before retrieving passwords, using OTPs, signing up for services, or deleting vault entries.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent is misdirected or a task is poorly scoped, it may be able to access the Sunday identity, inbox, OTPs, and stored credentials without another confirmation.

Why it was flagged

This creates persistent unattended access to account credentials and encryption keys, allowing later commands to operate without a fresh human approval or PIN prompt.

Skill content

After this, credentials and encryption keys are stored in `~/.sunday/config.json` — no further prompts needed. All subsequent `sunday` commands work autonomously.

Recommendation

Use a dedicated low-risk Sunday identity, store only credentials intended for agent use, and require human approval for credential retrieval, deletion, signup, or login workflows where possible.

What this means

A mistaken or hijacked workflow could retrieve and use credentials for services in the vault, especially because the skill is designed for autonomous operation.

Why it was flagged

The skill documents a direct command that returns plaintext credentials to the agent, but the instructions do not define approval gates, target-domain restrictions, or handling limits for those secrets.

Skill content

sunday passwords get <uuid> --json
# Returns decrypted username and password

Recommendation

Before allowing autonomous use, define strict rules for when the agent may retrieve, create, edit, or delete credentials, and confirm the target service/domain with the user for sensitive actions.

What this means

Users must trust the Sunday CLI distribution and service to correctly protect credentials, email contents, and encryption keys.

Why it was flagged

The credential-handling functionality depends on an external Homebrew-installed CLI whose implementation is not included in the provided artifacts.

Skill content

brew install ravi-technologies/tap/sunday

Recommendation

Install only if you trust the publisher and distribution channel; review the CLI/project provenance and keep the tool updated from the expected source.

What this means

A malicious or unexpected email could try to influence the agent while it is looking for codes or links.

Why it was flagged

The skill brings email content into the agent context for OTP and verification workflows. Email is external, untrusted content and may contain misleading instructions.

Skill content

# Check email for verification links or codes
sunday inbox email --unread --json

Recommendation

Treat email bodies as untrusted input; extract only the needed code or verification link and ignore unrelated instructions in messages.