fix: treat '*' tool allowlist as valid

CHANGELOG.md

@@ -24,6 +24,7 @@ Docs: https://docs.openclaw.ai
 ### Fixes
 
 - Auto-reply: avoid referencing workspace files in /new greeting prompt. (#5706) Thanks @bravostation.
+- Tools: treat `"*"` tool allowlist entries as valid to avoid spurious unknown-entry warnings.
 - Process: resolve Windows `spawn()` failures for npm-family CLIs by appending `.cmd` when needed. (#5815) Thanks @thejhinvirtuoso.
 - Discord: resolve PluralKit proxied senders for allowlists and labels. (#5838) Thanks @thewilloftheshadow.
 - Agents: ensure OpenRouter attribution headers apply in the embedded runner.

src/agents/tool-policy.plugin-only-allowlist.test.ts

@@ -20,6 +20,12 @@ describe("stripPluginOnlyAllowlist", () => {
     expect(policy.unknownAllowlist).toEqual([]);
   });
 
+  it('keeps allowlist when it uses "*"', () => {
+    const policy = stripPluginOnlyAllowlist({ allow: ["*"] }, pluginGroups, coreTools);
+    expect(policy.policy?.allow).toEqual(["*"]);
+    expect(policy.unknownAllowlist).toEqual([]);
+  });
+
   it("keeps allowlist when it mixes plugin and core entries", () => {
     const policy = stripPluginOnlyAllowlist(
       { allow: ["lobster", "read"] },

src/agents/tool-policy.ts

@@ -215,6 +215,10 @@ export function stripPluginOnlyAllowlist(
   const unknownAllowlist: string[] = [];
   let hasCoreEntry = false;
   for (const entry of normalized) {
+    if (entry === "*") {
+      hasCoreEntry = true;
+      continue;
+    }
     const isPluginEntry =
       entry === "group:plugins" || pluginIds.has(entry) || pluginTools.has(entry);
     const expanded = expandToolGroups([entry]);