--- name: nordvpn-client description: Use when managing NordVPN on macOS or Linux, including install/bootstrap, login, connect, disconnect, status checks, or verifying a VPN location before running another skill. --- # NordVPN Client Cross-platform NordVPN lifecycle management for macOS and Linux hosts. ## What This Skill Is For - Probing whether NordVPN is already installed or automation-ready - Bootstrapping the required NordVPN backend if it is missing - Logging in through the Linux CLI or validating a NordVPN token for the macOS WireGuard backend - Connecting to a country or city before a follow-up action such as `web-automation` - Disconnecting and checking VPN status - Verifying public IP and geolocation after connect ## Command Surface ```bash node scripts/nordvpn-client.js status node scripts/nordvpn-client.js install node scripts/nordvpn-client.js login node scripts/nordvpn-client.js verify node scripts/nordvpn-client.js verify --country "Italy" node scripts/nordvpn-client.js verify --country "Italy" --city "Milan" node scripts/nordvpn-client.js connect --country "Italy" node scripts/nordvpn-client.js connect --city "Milan" node scripts/nordvpn-client.js connect --country "Italy" --city "Milan" node scripts/nordvpn-client.js disconnect ``` ## Platform Notes - Linux: - uses the official `nordvpn` CLI - install path follows NordVPN's Linux installer - token login is supported through `NORDVPN_TOKEN` - macOS: - preferred backend is NordLynx/WireGuard using `wireguard-go` and `wireguard-tools` - `install` bootstraps those tools with Homebrew - equivalent Homebrew command: `brew install wireguard-go wireguard-tools` - `login` validates `NORDVPN_TOKEN` / `NORDVPN_TOKEN_FILE` for the WireGuard backend - the generated WireGuard config uses NordVPN DNS directly: - `103.86.96.100` - `103.86.99.100` - before connect, the skill automatically stops Tailscale if it is active - after disconnect, or after a failed connect, the skill brings Tailscale back up if it stopped it - `NordVPN.app` can remain installed, but it is only the manual fallback ## Credentials Do not store secrets in this skill. Supported env vars: - `NORDVPN_TOKEN` - `NORDVPN_USERNAME` - `NORDVPN_PASSWORD` Optional credential file env vars: - `NORDVPN_TOKEN_FILE` - `NORDVPN_PASSWORD_FILE` Default OpenClaw credential paths: - token: `~/.openclaw/workspace/.clawdbot/credentials/nordvpn/token.txt` - password: `~/.openclaw/workspace/.clawdbot/credentials/nordvpn/password.txt` ## Verification Behavior `status`, `verify`, and `connect` report machine-readable JSON including: - platform - install state - control mode (`cli`, `wireguard`, `app-manual`) - auth state - connection state - requested target - public IP lookup and geolocation Use this skill first, then run the follow-up task under the active VPN session. Use `verify` when you want an explicit post-connect location check without changing VPN state. ## macOS Quick Start For an automated macOS flow: 1. `node scripts/nordvpn-client.js install` 2. put your token in `~/.openclaw/workspace/.clawdbot/credentials/nordvpn/token.txt` or set `NORDVPN_TOKEN` / `NORDVPN_TOKEN_FILE` 3. `node scripts/nordvpn-client.js login` 4. `node scripts/nordvpn-client.js connect --country "Italy"` or `--city "Milan"` 5. `node scripts/nordvpn-client.js verify` ## Known Boundaries - Linux country/city connect remains whatever the official `nordvpn` CLI supports. - macOS automated connects require all of: - `NORDVPN_TOKEN` or `NORDVPN_TOKEN_FILE` - `wireguard-go` - `wireguard-tools` - non-interactive `sudo` for `~/.openclaw/workspace/skills/nordvpn-client/scripts/nordvpn-wireguard-helper.sh` - On macOS, Tailscale is intentionally suspended during an automated NordVPN session and resumed afterward. - `NordVPN.app` login on macOS is not reused by the WireGuard backend. - The Homebrew `nordvpn` app does not need to be uninstalled. It can coexist with the WireGuard backend.