diff --git a/src/security/policy.rs b/src/security/policy.rs
index 806a399..acc227d 100644
--- a/src/security/policy.rs
+++ b/src/security/policy.rs
@@ -414,10 +414,12 @@ impl SecurityPolicy {
                 continue;
             }
-            if !self
-                .allowed_commands
-                .iter()
-                .any(|allowed| allowed == base_cmd)
+            let allow_all = self.allowed_commands.iter().any(|c| c == "*");
+            if !allow_all
+                && !self
+                    .allowed_commands
+                    .iter()
+                    .any(|allowed| allowed == base_cmd)
             {
                 return false;
             }
@@ -702,6 +704,21 @@ mod tests {
         assert!(!p.is_command_allowed("node malicious.js"));
     }
+    #[test]
+    fn wildcard_allowed_commands_permits_any_binary() {
+        let p = SecurityPolicy {
+            allowed_commands: vec!["*".into()],
+            ..SecurityPolicy::default()
+        };
+        assert!(p.is_command_allowed("curl http://example.com"));
+        assert!(p.is_command_allowed("wget http://example.com"));
+        assert!(p.is_command_allowed("python3 script.py"));
+        assert!(p.is_command_allowed("node app.js"));
+        // Subshell/redirect blocks still apply
+        assert!(!p.is_command_allowed("echo $(rm -rf /)"));
+        assert!(!p.is_command_allowed("echo hello > /etc/passwd"));
+    }
+
     #[test]
     fn readonly_blocks_all_commands() {
         let p = readonly_policy();
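Review bot: `allow_all` is recomputed on every pass of the enclosing loop (the `continue;` just above shows this check sits inside one), and the two-scan form can be folded into a single pass: `if !self.allowed_commands.iter().any(|allowed| allowed == "*" || allowed == base_cmd) { return false; }` — or hoist the `"*"` lookup above the loop if the variable is kept. The bigger concern is that a single `"*"` entry silently turns the per-binary allowlist into allow-everything with nothing in the policy or logs recording that; the `allowed_commands` field should say so, e.g. `/// A single "*" entry disables the per-binary allowlist; the other checks in is_command_allowed still apply.`, and it is worth emitting a warning when a policy containing it is loaded, since an operator may not realise the allowlist is off. The enclosing function starts and ends outside the hunk, so whether any later gate (read-only mode, a deny list) runs after this point cannot be confirmed from here.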
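Review bot: The new test does not pin down precedence between the wildcard and the stricter policy modes, which is the property a wildcard most needs protecting — `readonly_blocks_all_commands` directly below shows a read-only policy exists, but nothing checks that `"*"` does not override it. Add an assertion along the lines of `assert!(!SecurityPolicy { allowed_commands: vec!["*".into()], ..readonly_policy() }.is_command_allowed("ls"));` (adjust if `readonly_policy()` is not a plain struct value). It would also be useful to assert that the wildcard is only honoured as an exact entry, e.g. `assert!(!SecurityPolicy { allowed_commands: vec!["curl*".into()], ..SecurityPolicy::default() }.is_command_allowed("curl http://example.com"));`, so a later change to prefix or glob matching is caught rather than quietly widening the allowlist.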