NordVPN CLI Skill (Linux)

A ClawBot skill for controlling the NordVPN Linux CLI (nordvpn) to connect/disconnect, select locations, verify status, and adjust settings from automations and workflows.

Assumptions / Compatibility

• Works with the official nordvpn CLI (example shown: 4.3.1 [snap]).
• Requires the NordVPN daemon running (usually nordvpnd) and sufficient permissions.
• Some commands may require elevated privileges depending on distro + install method (snap vs deb).

Installation

Option A: Snap (common on Ubuntu)

sudo snap install nordvpn
nordvpn --version

Option B: Distro package / repo (varies)

If you installed via Nord’s repo or a package manager, just verify:

which nordvpn
nordvpn --version

Verify daemon is running

# systemd installs usually
systemctl status nordvpnd --no-pager || true

# snap installs may not expose systemd unit the same way
nordvpn status || true

# or may require the full patch to be specified like so
/snap/bin/nordvpn status || true

Authentication / Login

NordVPN CLI typically requires logging in once per machine/user session.

nordvpn login

If the environment is headless, the CLI will guide you through the login flow (often via a browser link / code). After login, confirm:

nordvpn account
nordvpn status

ClawBot guidance: treat login as a manual prerequisite unless you explicitly automate the browser-based login flow.

Quick Reference

Status

nordvpn status

Connect (best available)

nordvpn connect
# alias:
nordvpn c

Connect to a country / city / group

# country
nordvpn connect Sweden

# city (must exist in `nordvpn cities <country>`)
nordvpn connect "Stockholm"

# group (must exist in `nordvpn groups`)
nordvpn connect P2P

Disconnect

nordvpn disconnect
# alias:
nordvpn d

List locations

nordvpn countries
nordvpn cities Sweden
nordvpn groups

Settings (read + change)

nordvpn settings

# examples (options differ by version)
nordvpn set autoconnect on
nordvpn set killswitch on
nordvpn set threatprotectionlite on  # if supported
nordvpn set protocol nordlynx        # if supported

Allowlist (bypass VPN for certain traffic)

# view help
nordvpn allowlist --help

# examples (subcommands differ by version)
nordvpn allowlist add port 22
nordvpn allowlist add subnet 192.168.0.0/16
nordvpn allowlist remove port 22

Skill Design

What this skill should do well

1. Idempotent connection actions

2. If already connected to the requested target, do nothing (or return “already connected”).

3. If connected elsewhere, optionally disconnect then connect to target.

4. Reliable verification

5. After connect/disconnect, always run nordvpn status and parse the result.

6. Safe fallbacks

7. If a requested city/country/group is invalid, provide closest alternatives by listing:

   • nordvpn countries
   • nordvpn cities <country>
   • nordvpn groups
   • Human-in-the-loop login

8. If nordvpn reports not logged in, return a structured response instructing to run nordvpn login.

Recommended “actions” (API surface)

Implement these as the skill’s callable intents/tools:

• status() → returns parsed connection status
• connect_best() → connects to best available
• connect_country(country)
• connect_city(city) (optionally with country for disambiguation)
• connect_group(group)
• disconnect()
• list_countries()
• list_cities(country)
• list_groups()
• get_settings()
• set_setting(key, value)
• allowlist_add(type, value)
• allowlist_remove(type, value)

Suggested Implementation Pattern (CLI orchestration)

1) Always start with status

nordvpn status

Parse fields commonly returned by the CLI, such as:

• Connection state (Connected/Disconnected)
• Current server / country / city
• IP, protocol, technology

2) Connect flow

Goal: connect to a target (country/city/group) with verification.

Pseudo-logic:

• Run nordvpn status
• If disconnected → connect directly
• If connected to different target → nordvpn disconnect then connect
• Run nordvpn status again and confirm connected

Commands:

nordvpn connect "<target>"
nordvpn status

3) Disconnect flow

nordvpn disconnect
nordvpn status

4) Resolve targets safely

If user asks for a city:

• Prefer nordvpn cities <country> when country is known
• Otherwise attempt connect; if it fails, list countries and search-like suggestions.

nordvpn countries
nordvpn cities "<country>"
nordvpn groups

Common Errors & Handling

Not logged in

Symptoms:

• CLI complains about authentication/account/login.

Handling:

• Return: “Login required. Run nordvpn login and repeat.”
• Optionally: run nordvpn account to confirm.

Daemon not running / permission denied

Symptoms:

• Can’t connect, service errors, permission errors.

Handling:

• Check systemctl status nordvpnd (systemd installs)
• Confirm snap service health (snap installs vary)
• Ensure user belongs to the right group (some installs use a nordvpn group):

bash groups getent group nordvpn || true

Invalid location/group

Symptoms:

• “Unknown country/city/group” or connect fails immediately.

Handling:

• Provide available options:

bash nordvpn countries nordvpn groups nordvpn cities "<country>"

Practical Automation Recipes

Ensure VPN is connected (any server)

nordvpn status | sed -n '1,10p'
nordvpn connect
nordvpn status | sed -n '1,15p'

Reconnect to a specific country

nordvpn disconnect
nordvpn connect Sweden
nordvpn status

Toggle killswitch (example)

nordvpn set killswitch on
nordvpn settings

Notes

• Command options and setting keys can differ by NordVPN CLI version. Always rely on:

bash nordvpn help nordvpn set --help nordvpn allowlist --help * If you need stable machine-readable output, the NordVPN CLI does not consistently provide JSON; plan to parse human-readable status text defensively (line-based key/value extraction, tolerate missing fields).