NordVPN CLI Skill (Linux)

A ClawBot skill for controlling the NordVPN Linux CLI (nordvpn) to connect/disconnect, select locations, verify status, and adjust settings from automations and workflows.

Assumptions / Compatibility

• Works with the official nordvpn CLI (example shown: 4.3.1 [snap]).
• Requires the NordVPN daemon running (usually nordvpnd) and sufficient permissions.
• Some commands may require elevated privileges depending on distro + install method (snap vs deb).

Installation

Option A: Snap (common on Ubuntu)

sudo snap install nordvpn
nordvpn --version

Option B: Distro package / repo (varies)

If you installed via Nord’s repo or a package manager, just verify:

which nordvpn
nordvpn --version

Verify daemon is running

# systemd installs usually
systemctl status nordvpnd --no-pager || true

# snap installs may not expose systemd unit the same way
nordvpn status || true

# or may require the full patch to be specified like so
/snap/bin/nordvpn status || true

Authentication / Login

NordVPN CLI typically requires logging in once per machine/user session.

nordvpn login

If the environment is headless, the CLI will guide you through the login flow (often via a browser link / code). After login, confirm:

nordvpn account
nordvpn status

ClawBot guidance: treat login as a manual prerequisite unless you explicitly automate the browser-based login flow.

Quick Reference

Status

nordvpn status

Connect (best available)

nordvpn connect
# alias:
nordvpn c

Connect to a country / city / group

# country
nordvpn connect Sweden

# city (must exist in `nordvpn cities <country>`)
nordvpn connect "Stockholm"

# group (must exist in `nordvpn groups`)
nordvpn connect P2P

Disconnect

nordvpn disconnect
# alias:
nordvpn d

List locations

nordvpn countries
nordvpn cities Sweden
nordvpn groups

Settings (read + change)

nordvpn settings

# examples (options differ by version)
nordvpn set autoconnect on
nordvpn set killswitch on
nordvpn set threatprotectionlite on  # if supported
nordvpn set protocol nordlynx        # if supported

Allowlist (bypass VPN for certain traffic)

# view help
nordvpn allowlist --help

# examples (subcommands differ by version)
nordvpn allowlist add port 22
nordvpn allowlist add subnet 192.168.0.0/16
nordvpn allowlist remove port 22

Skill Design

What this skill should do well

1. Idempotent connection actions

   • If already connected to the requested target, do nothing (or return “already connected”).
   • If connected elsewhere, optionally disconnect then connect to target.

2. Reliable verification

   • After connect/disconnect, always run nordvpn status and parse the result.

3. Safe fallbacks

   • If a requested city/country/group is invalid, provide closest alternatives by listing:

     • nordvpn countries
     • nordvpn cities <country>
     • nordvpn groups

4. Human-in-the-loop login

   • If nordvpn reports not logged in, return a structured response instructing to run nordvpn login.

Recommended “actions” (API surface)

Implement these as the skill’s callable intents/tools:

• status() → returns parsed connection status
• connect_best() → connects to best available
• connect_country(country)
• connect_city(city) (optionally with country for disambiguation)
• connect_group(group)
• disconnect()
• list_countries()
• list_cities(country)
• list_groups()
• get_settings()
• set_setting(key, value)
• allowlist_add(type, value)
• allowlist_remove(type, value)

Suggested Implementation Pattern (CLI orchestration)

1) Always start with status

nordvpn status

Parse fields commonly returned by the CLI, such as:

• Connection state (Connected/Disconnected)
• Current server / country / city
• IP, protocol, technology

2) Connect flow

Goal: connect to a target (country/city/group) with verification.

Pseudo-logic:

• Run nordvpn status
• If disconnected → connect directly
• If connected to different target → nordvpn disconnect then connect
• Run nordvpn status again and confirm connected

Commands:

nordvpn connect "<target>"
nordvpn status

3) Disconnect flow

nordvpn disconnect
nordvpn status

4) Resolve targets safely

If user asks for a city:

• Prefer nordvpn cities <country> when country is known
• Otherwise attempt connect; if it fails, list countries and search-like suggestions.

nordvpn countries
nordvpn cities "<country>"
nordvpn groups

Common Errors & Handling

Not logged in

Symptoms:

• CLI complains about authentication/account/login.

Handling:

• Return: “Login required. Run nordvpn login and repeat.”
• Optionally: run nordvpn account to confirm.

Daemon not running / permission denied

Symptoms:

• Can’t connect, service errors, permission errors.

Handling:

• Check systemctl status nordvpnd (systemd installs)

• Confirm snap service health (snap installs vary)

• Ensure user belongs to the right group (some installs use a nordvpn group):

  groups
  getent group nordvpn || true
  

Invalid location/group

Symptoms:

• “Unknown country/city/group” or connect fails immediately.

Handling:

• Provide available options:

  nordvpn countries
  nordvpn groups
  nordvpn cities "<country>"
  

Practical Automation Recipes

Ensure VPN is connected (any server)

nordvpn status | sed -n '1,10p'
nordvpn connect
nordvpn status | sed -n '1,15p'

Reconnect to a specific country

nordvpn disconnect
nordvpn connect Sweden
nordvpn status

Toggle killswitch (example)

nordvpn set killswitch on
nordvpn settings

Notes

• Command options and setting keys can differ by NordVPN CLI version. Always rely on:

  nordvpn help
  nordvpn set --help
  nordvpn allowlist --help
  

• If you need stable machine-readable output, the NordVPN CLI does not consistently provide JSON; plan to parse human-readable status text defensively (line-based key/value extraction, tolerate missing fields).