openclaw-claude-bridge: sandbox is not effective - `--allowed-tools ""` does not restrict available tools
All CLI tools (Read/Write/Bash/WebFetch/…) remain nominally available to the spawned subprocess. Actual execution behavior in –print non-interactive mode depends on undocumented CLI defaults (may auto-deny, may error out, may hang). Users who deploy the bridge behind any interface that forwards untrusted prompts (e.g., publicly exposed OpenClaw gateway, automated pipelines with web-fetched context, agents that consume tool results from other systems) may be relying on a sandbox that does not exist. …