# nordvpn-client Cross-platform NordVPN lifecycle skill for macOS and Linux. ## What it does - Probes whether NordVPN is already installed or automation-ready - Bootstraps the required backend if missing - Handles login/bootstrap - Connects to a country or city target - Disconnects and reports status - Verifies public IP and geolocation after connect ## Commands ```bash node skills/nordvpn-client/scripts/nordvpn-client.js status node skills/nordvpn-client/scripts/nordvpn-client.js install node skills/nordvpn-client/scripts/nordvpn-client.js login node skills/nordvpn-client/scripts/nordvpn-client.js verify node skills/nordvpn-client/scripts/nordvpn-client.js verify --country "Italy" node skills/nordvpn-client/scripts/nordvpn-client.js verify --country "Italy" --city "Milan" node skills/nordvpn-client/scripts/nordvpn-client.js connect --country "Italy" node skills/nordvpn-client/scripts/nordvpn-client.js connect --city "Milan" node skills/nordvpn-client/scripts/nordvpn-client.js disconnect ``` ## Platform behavior ### macOS - preferred backend: NordLynx/WireGuard - install path: `brew install wireguard-go wireguard-tools` - automation requirements: - `NORDVPN_TOKEN` or `NORDVPN_TOKEN_FILE` - `wireguard-go` - `wireguard-tools` - non-interactive `sudo` for `~/.openclaw/workspace/skills/nordvpn-client/scripts/nordvpn-wireguard-helper.sh` - the macOS WireGuard config intentionally omits `DNS = ...` - reason: `wg-quick` on macOS rewrites system DNS across services when `DNS` is present, which can break connectivity and other tunnels - `NordVPN.app` may stay installed but is only the manual fallback - the app login is not reused by the automated WireGuard backend Quick start: 1. `node skills/nordvpn-client/scripts/nordvpn-client.js install` 2. put your token in `~/.openclaw/workspace/.clawdbot/credentials/nordvpn/token.txt` or set `NORDVPN_TOKEN` / `NORDVPN_TOKEN_FILE` 3. `node skills/nordvpn-client/scripts/nordvpn-client.js login` 4. `node skills/nordvpn-client/scripts/nordvpn-client.js connect --country "Italy"` or `--city "Milan"` 5. `node skills/nordvpn-client/scripts/nordvpn-client.js verify` ### Linux - install path follows NordVPN's official installer script - primary control path is the official `nordvpn` CLI - token login is supported through `nordvpn login --token ` ## Credentials Supported env vars: - `NORDVPN_TOKEN` - `NORDVPN_TOKEN_FILE` - `NORDVPN_USERNAME` - `NORDVPN_PASSWORD` - `NORDVPN_PASSWORD_FILE` Do not put secrets in the skill docs or repo. Default OpenClaw credential paths: - token: `~/.openclaw/workspace/.clawdbot/credentials/nordvpn/token.txt` - password: `~/.openclaw/workspace/.clawdbot/credentials/nordvpn/password.txt` ## Verification model `status`, `verify`, and `connect` emit JSON suitable for agent use: - platform - install state - control mode (`cli`, `wireguard`, `app-manual`) - auth state - connection state - requested target - public IP / geolocation lookup After `connect`, the intended workflow is: 1. `nordvpn-client connect ...` 2. `nordvpn-client verify ...` if an explicit location check is needed 3. run the follow-up task such as `web-automation` ## Limitations - Linux behavior still depends on the official `nordvpn` CLI. - macOS automated connects require token-based WireGuard setup; GUI-app login alone is insufficient. - The Homebrew `nordvpn` app does not need to be uninstalled.