feat: add mac wireguard nordvpn backend

Stefano Fiorini
2026-03-11 23:44:22 -05:00
parent b326153d26
commit 4a539a33c9
7 changed files with 700 additions and 119 deletions

@@ -9,9 +9,9 @@ Cross-platform NordVPN lifecycle management for macOS and Linux hosts.
## What This Skill Is For
- Probing whether NordVPN is already installed
- Bootstrapping NordVPN if it is missing
- Logging in through the Linux CLI or the macOS app/CLI path
- Probing whether NordVPN is already installed or automation-ready
- Bootstrapping the required NordVPN backend if it is missing
- Logging in through the Linux CLI or validating a NordVPN token for the macOS WireGuard backend
- Connecting to a country or city before a follow-up action such as `web-automation`
- Disconnecting and checking VPN status
- Verifying public IP and geolocation after connect
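Review bot: "automation-ready" in the new first bullet is not defined anywhere in this hunk, so a reader cannot tell what the probe actually checks. Suggest either spelling it out here (token present, `wireguard-go` and `wireguard-tools` installed, non-interactive `sudo` available, as listed under Known Boundaries) or linking to that list.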
@@ -38,9 +38,10 @@ node scripts/nordvpn-client.js disconnect
- install path follows NordVPN's Linux installer
- token login is supported through `NORDVPN_TOKEN`
- macOS:
- prefers Homebrew cask install: `brew install --cask nordvpn`
- prefers a usable `nordvpn` CLI if the installed package exposes one
- otherwise falls back to opening the NordVPN app and guiding the manual login/connect path
- preferred backend is NordLynx/WireGuard using `wireguard-go` and `wireguard-tools`
- `install` bootstraps those tools with Homebrew
- `login` validates `NORDVPN_TOKEN` / `NORDVPN_TOKEN_FILE` for the WireGuard backend
- `NordVPN.app` can remain installed, but it is only the manual fallback
## Credentials
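Review bot: the macOS `login` bullet names both `NORDVPN_TOKEN` and `NORDVPN_TOKEN_FILE` but does not say which one wins when both are set, or whether "validates" only checks the token or also stores it somewhere. Suggest stating the precedence and the side effects in this bullet. The old text also gave a copy-pasteable command (`brew install --cask nordvpn`), while the new `install` bullet only says it bootstraps the tools with Homebrew; naming the formulae it installs would keep the section equally concrete.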
@@ -63,7 +64,7 @@ Optional credential file env vars:
- platform
- install state
- control mode (`cli` vs `app-manual`)
- control mode (`cli`, `wireguard`, `app-manual`)
- auth state
- connection state
- requested target
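Review bot: the control mode line now lists three values (`cli`, `wireguard`, `app-manual`) without saying how one is chosen when more than one applies. Since the Known Boundaries hunk says the Homebrew app can coexist with the WireGuard backend, the doc should state which mode `status` reports in that case, for example that `wireguard` takes priority over `app-manual` on macOS if that is the intended behavior.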
@@ -74,7 +75,11 @@ Use `verify` when you want an explicit post-connect location check without chang
## Known Boundaries
- Linux country connect is official CLI behavior.
- Linux city connect is attempted through the CLI target string and then validated by post-connect IP/location checks.
- macOS app-only fallback cannot guarantee non-interactive login/connect if the installed app does not expose a CLI. In that case the skill will open the app and return a clear manual-action-required result.
- On macOS, Homebrew can install only the GUI app. That still counts as a supported install state; `status` will report `controlMode: "app-manual"` rather than treating the app as missing.
- Linux country/city connect remains whatever the official `nordvpn` CLI supports.
- macOS automated connects require all of:
- `NORDVPN_TOKEN` or `NORDVPN_TOKEN_FILE`
- `wireguard-go`
- `wireguard-tools`
- non-interactive `sudo` for `wg-quick`
- `NordVPN.app` login on macOS is not reused by the WireGuard backend.
- The Homebrew `nordvpn` app does not need to be uninstalled. It can coexist with the WireGuard backend.
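Review bot: the "non-interactive `sudo` for `wg-quick`" requirement in the macOS list is given with no guidance on how narrowly to grant it. `wg-quick` executes hook commands (`PreUp`, `PostUp`, `PreDown`, `PostDown`) from the config file as root, so a passwordless rule is only as safe as the permissions on the config it is pointed at. Suggest documenting a sudoers entry restricted to the `wg-quick` binary path rather than a blanket passwordless rule, and stating that the config file must not be writable by other users. Separately, the replacement Linux bullet drops the earlier statement that city connects are validated by post-connect IP/location checks; if that validation still happens it is worth keeping in the text.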