diff --git a/apps/macos/Sources/OpenClaw/ExecWrapperResolution.swift b/apps/macos/Sources/OpenClaw/ExecWrapperResolution.swift
index 89280bc2786..6b97e3ebf39 100644
--- a/apps/macos/Sources/OpenClaw/ExecWrapperResolution.swift
+++ b/apps/macos/Sources/OpenClaw/ExecWrapperResolution.swift
@@ -361,7 +361,7 @@ enum ExecWrapperResolution {
         var idx = 1
         var expectsOptionValue = false
 
-        while idx < argv.count {
+        scanLoop: while idx < argv.count {
             let token = argv[idx].trimmingCharacters(in: .whitespacesAndNewlines)
             if token.isEmpty {
                 idx += 1
@@ -380,7 +380,7 @@ enum ExecWrapperResolution {
             let directive = onToken(token, token.lowercased())
             switch directive {
             case .stop:
-                break
+                break scanLoop
             case .invalid:
                 return nil
             case .consumeNext:
@@ -388,10 +388,6 @@ enum ExecWrapperResolution {
             case .continueScan:
                 break
             }
-
-            if directive == .stop {
-                break
-            }
             idx += 1
         }
 
diff --git a/apps/macos/Tests/OpenClawIPCTests/ExecAllowlistTests.swift b/apps/macos/Tests/OpenClawIPCTests/ExecAllowlistTests.swift
index e5fb916b70d..b6c25818e48 100644
--- a/apps/macos/Tests/OpenClawIPCTests/ExecAllowlistTests.swift
+++ b/apps/macos/Tests/OpenClawIPCTests/ExecAllowlistTests.swift
@@ -273,6 +273,23 @@ struct ExecAllowlistTests {
         #expect(resolutions[1].executableName == "whoami")
     }
 
+    @Test func `resolve for allowlist resolves blocked busybox applets to busybox itself`() throws {
+        let tmp = try makeTempDirForTests()
+        let busybox = tmp.appendingPathComponent("busybox")
+        try makeExecutableForTests(at: busybox)
+
+        let resolutions = ExecCommandResolution.resolveForAllowlist(
+            command: [busybox.path, "sed", "-n", "1p"],
+            rawCommand: nil,
+            cwd: tmp.path,
+            env: ["PATH": "\(tmp.path):/usr/bin:/bin"])
+
+        #expect(resolutions.count == 1)
+        #expect(resolutions[0].rawExecutable == busybox.path)
+        #expect(resolutions[0].resolvedPath == busybox.path)
+        #expect(resolutions[0].executableName == "busybox")
+    }
+
     @Test func `resolve for allowlist unwraps dispatch wrappers before shell wrappers`() throws {
         let tmp = try makeTempDirForTests()
         let whoami = tmp.appendingPathComponent("whoami")