Install
openclaw skills install @maciekish/nordvpnControl NordVPN on Linux via the nordvpn CLI (connect/disconnect, choose country/city/group, read status, tweak settings, manage allowlist). Use for automation that needs region routing or temporary VPN tunneling.
openclaw skills install @maciekish/nordvpnA ClawBot skill for controlling the NordVPN Linux CLI (nordvpn) to connect/disconnect, select locations, verify status, and adjust settings from automations and workflows.
nordvpn CLI (example shown: 4.3.1 [snap]).nordvpnd) and sufficient permissions.sudo snap install nordvpn
nordvpn --version
If you installed via Nord’s repo or a package manager, just verify:
which nordvpn
nordvpn --version
# systemd installs usually
systemctl status nordvpnd --no-pager || true
# snap installs may not expose systemd unit the same way
nordvpn status || true
# or may require the full patch to be specified like so
/snap/bin/nordvpn status || true
NordVPN CLI typically requires logging in once per machine/user session.
nordvpn login
If the environment is headless, the CLI will guide you through the login flow (often via a browser link / code). After login, confirm:
nordvpn account
nordvpn status
ClawBot guidance: treat login as a manual prerequisite unless you explicitly automate the browser-based login flow.
nordvpn status
nordvpn connect
# alias:
nordvpn c
# country
nordvpn connect Sweden
# city (must exist in `nordvpn cities <country>`)
nordvpn connect "Stockholm"
# group (must exist in `nordvpn groups`)
nordvpn connect P2P
nordvpn disconnect
# alias:
nordvpn d
nordvpn countries
nordvpn cities Sweden
nordvpn groups
nordvpn settings
# examples (options differ by version)
nordvpn set autoconnect on
nordvpn set killswitch on
nordvpn set threatprotectionlite on # if supported
nordvpn set protocol nordlynx # if supported
# view help
nordvpn allowlist --help
# examples (subcommands differ by version)
nordvpn allowlist add port 22
nordvpn allowlist add subnet 192.168.0.0/16
nordvpn allowlist remove port 22
Idempotent connection actions
Reliable verification
nordvpn status and parse the result.Safe fallbacks
If a requested city/country/group is invalid, provide closest alternatives by listing:
nordvpn countriesnordvpn cities <country>nordvpn groupsHuman-in-the-loop login
nordvpn reports not logged in, return a structured response instructing to run nordvpn login.Implement these as the skill’s callable intents/tools:
status() → returns parsed connection statusconnect_best() → connects to best availableconnect_country(country)connect_city(city) (optionally with country for disambiguation)connect_group(group)disconnect()list_countries()list_cities(country)list_groups()get_settings()set_setting(key, value)allowlist_add(type, value)allowlist_remove(type, value)nordvpn status
Parse fields commonly returned by the CLI, such as:
Goal: connect to a target (country/city/group) with verification.
Pseudo-logic:
nordvpn statusnordvpn disconnect then connectnordvpn status again and confirm connectedCommands:
nordvpn connect "<target>"
nordvpn status
nordvpn disconnect
nordvpn status
If user asks for a city:
nordvpn cities <country> when country is knownnordvpn countries
nordvpn cities "<country>"
nordvpn groups
Symptoms:
Handling:
nordvpn login and repeat.”nordvpn account to confirm.Symptoms:
Handling:
Check systemctl status nordvpnd (systemd installs)
Confirm snap service health (snap installs vary)
Ensure user belongs to the right group (some installs use a nordvpn group):
groups
getent group nordvpn || true
Symptoms:
Handling:
Provide available options:
nordvpn countries
nordvpn groups
nordvpn cities "<country>"
nordvpn status | sed -n '1,10p'
nordvpn connect
nordvpn status | sed -n '1,15p'
nordvpn disconnect
nordvpn connect Sweden
nordvpn status
nordvpn set killswitch on
nordvpn settings
Command options and setting keys can differ by NordVPN CLI version. Always rely on:
nordvpn help
nordvpn set --help
nordvpn allowlist --help
If you need stable machine-readable output, the NordVPN CLI does not consistently provide JSON; plan to parse human-readable status text defensively (line-based key/value extraction, tolerate missing fields).