NordVPN CLI Skill (Linux)
A ClawBot skill for controlling the NordVPN Linux CLI (nordvpn) to connect/disconnect, select locations, verify status, and adjust settings from automations and workflows.
Assumptions / Compatibility
- •Works with the official
nordvpnCLI (example shown: 4.3.1 [snap]). - •Requires the NordVPN daemon running (usually
nordvpnd) and sufficient permissions. - •Some commands may require elevated privileges depending on distro + install method (snap vs deb).
Installation
Option A: Snap (common on Ubuntu)
sudo snap install nordvpn nordvpn --version
Option B: Distro package / repo (varies)
If you installed via Nord’s repo or a package manager, just verify:
which nordvpn nordvpn --version
Verify daemon is running
# systemd installs usually systemctl status nordvpnd --no-pager || true # snap installs may not expose systemd unit the same way nordvpn status || true # or may require the full patch to be specified like so /snap/bin/nordvpn status || true
Authentication / Login
NordVPN CLI typically requires logging in once per machine/user session.
nordvpn login
If the environment is headless, the CLI will guide you through the login flow (often via a browser link / code). After login, confirm:
nordvpn account nordvpn status
ClawBot guidance: treat login as a manual prerequisite unless you explicitly automate the browser-based login flow.
Quick Reference
Status
nordvpn status
Connect (best available)
nordvpn connect # alias: nordvpn c
Connect to a country / city / group
# country nordvpn connect Sweden # city (must exist in `nordvpn cities <country>`) nordvpn connect "Stockholm" # group (must exist in `nordvpn groups`) nordvpn connect P2P
Disconnect
nordvpn disconnect # alias: nordvpn d
List locations
nordvpn countries nordvpn cities Sweden nordvpn groups
Settings (read + change)
nordvpn settings # examples (options differ by version) nordvpn set autoconnect on nordvpn set killswitch on nordvpn set threatprotectionlite on # if supported nordvpn set protocol nordlynx # if supported
Allowlist (bypass VPN for certain traffic)
# view help nordvpn allowlist --help # examples (subcommands differ by version) nordvpn allowlist add port 22 nordvpn allowlist add subnet 192.168.0.0/16 nordvpn allowlist remove port 22
Skill Design
What this skill should do well
- •
Idempotent connection actions
- •If already connected to the requested target, do nothing (or return “already connected”).
- •If connected elsewhere, optionally disconnect then connect to target.
- •
Reliable verification
- •After connect/disconnect, always run
nordvpn statusand parse the result.
- •After connect/disconnect, always run
- •
Safe fallbacks
- •
If a requested city/country/group is invalid, provide closest alternatives by listing:
- •
nordvpn countries - •
nordvpn cities <country> - •
nordvpn groups
- •
- •
- •
Human-in-the-loop login
- •If
nordvpnreports not logged in, return a structured response instructing to runnordvpn login.
- •If
Recommended “actions” (API surface)
Implement these as the skill’s callable intents/tools:
- •
status()→ returns parsed connection status - •
connect_best()→ connects to best available - •
connect_country(country) - •
connect_city(city)(optionally withcountryfor disambiguation) - •
connect_group(group) - •
disconnect() - •
list_countries() - •
list_cities(country) - •
list_groups() - •
get_settings() - •
set_setting(key, value) - •
allowlist_add(type, value) - •
allowlist_remove(type, value)
Suggested Implementation Pattern (CLI orchestration)
1) Always start with status
nordvpn status
Parse fields commonly returned by the CLI, such as:
- •Connection state (Connected/Disconnected)
- •Current server / country / city
- •IP, protocol, technology
2) Connect flow
Goal: connect to a target (country/city/group) with verification.
Pseudo-logic:
- •Run
nordvpn status - •If disconnected → connect directly
- •If connected to different target →
nordvpn disconnectthen connect - •Run
nordvpn statusagain and confirm connected
Commands:
nordvpn connect "<target>" nordvpn status
3) Disconnect flow
nordvpn disconnect nordvpn status
4) Resolve targets safely
If user asks for a city:
- •Prefer
nordvpn cities <country>when country is known - •Otherwise attempt connect; if it fails, list countries and search-like suggestions.
nordvpn countries nordvpn cities "<country>" nordvpn groups
Common Errors & Handling
Not logged in
Symptoms:
- •CLI complains about authentication/account/login.
Handling:
- •Return: “Login required. Run
nordvpn loginand repeat.” - •Optionally: run
nordvpn accountto confirm.
Daemon not running / permission denied
Symptoms:
- •Can’t connect, service errors, permission errors.
Handling:
- •
Check
systemctl status nordvpnd(systemd installs) - •
Confirm snap service health (snap installs vary)
- •
Ensure user belongs to the right group (some installs use a
nordvpngroup):bashgroups getent group nordvpn || true
Invalid location/group
Symptoms:
- •“Unknown country/city/group” or connect fails immediately.
Handling:
- •
Provide available options:
bashnordvpn countries nordvpn groups nordvpn cities "<country>"
Practical Automation Recipes
Ensure VPN is connected (any server)
nordvpn status | sed -n '1,10p' nordvpn connect nordvpn status | sed -n '1,15p'
Reconnect to a specific country
nordvpn disconnect nordvpn connect Sweden nordvpn status
Toggle killswitch (example)
nordvpn set killswitch on nordvpn settings
Notes
- •
Command options and setting keys can differ by NordVPN CLI version. Always rely on:
bashnordvpn help nordvpn set --help nordvpn allowlist --help
- •
If you need stable machine-readable output, the NordVPN CLI does not consistently provide JSON; plan to parse human-readable status text defensively (line-based key/value extraction, tolerate missing fields).