
#9440: fix(security): warn users when gateway token appears in URLs

by zenchantlive · open · 2026-02-05 06:46

Labels: cli, commands, stale
## Problem

The OpenClaw gateway passes authentication tokens as URL query parameters (`?token=...`) in the dashboard command, onboarding wizard, and SSH tunnel hints. While tokens are stripped from URLs after loading, they remain exposed in:

- Console output
- Clipboard
- Server access logs
- HTTP Referer headers

This is a security concern (CVSS 8.2) documented in issue #9435.

## Solution

Add security warnings to CLI output whenever URLs with authentication tokens are generated.

## Changes

### src/commands/dashboard.ts

- Added warning message when token is present in dashboard URL

### src/wizard/onboarding.finalize.ts

- Added security note when token is present in onboarding URL

### src/commands/onboard-helpers.ts

- Added warning when SSH tunnel hint URL contains token

Fixes #9435

## Greptile Overview

### Greptile Summary

This PR adds user-facing security warnings when the CLI prints gateway Control UI URLs containing an authentication token in the query string, covering the `dashboard` command, onboarding wizard completion output, and the SSH tunnel hint text. It also updates `withTimeout` to treat AbortError as non-fatal (returning the fallback instead of crashing) and adds Vitest coverage for that behavior. The changes fit into existing CLI/onboarding output paths by piggybacking on `resolveControlUiLinks()` URL generation and the shared `formatControlUiSshHint()` helper, ensuring warnings show up consistently across the main “open dashboard” surfaces.

### Confidence Score: 4/5

- This PR is close to safe to merge, with one output-formatting issue to address.
- Changes are small and localized, and the new warning logic is straightforward. The main concern is unconditionally adding chalk-colored strings into copy/pasteable hints and non-TTY logs, which will introduce raw ANSI escape sequences in some environments.
- src/commands/onboard-helpers.ts (and other chalk warning call sites)

**Context used:**

- Context from `dashboard` - CLAUDE.md ([source](https://app.greptile.com/review/custom-context?memory=fd949e91-5c3a-4ab5-90a1-cbe184fd6ce8))
- Context from `dashboard` - AGENTS.md ([source](https://app.greptile.com/review/custom-context?memory=0d0c8278-ef8e-4d6c-ab21-f5527e322f13))
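The description above covers two things a CLI that prints credential-bearing URLs has to get right: detecting that the query string carries a token so the user can be warned, and not letting the secret (or raw ANSI escapes, the reviewer's concern) leak into non-interactive output. The block below is an added example written for this page, not OpenClaw's code and not the PR's diff; the function names (`findSensitiveParams`, `redactUrl`, `renderControlUiLink`), the list of parameter names treated as credentials, and the sample URL are all assumptions made for the example. It detects token-style query parameters, produces a warning only when one is present, colours that warning only when writing to a TTY, and returns a redacted form of the URL suitable for log lines.

```typescript
// Query-parameter names treated as credentials. This list is an assumption for
// the example; a real project would take it from the gateway's own URL builder.
const SENSITIVE_QUERY_KEYS: ReadonlySet<string> = new Set(["token", "access_token", "auth"]);

// Return the names of query parameters in `rawUrl` that look like credentials,
// in order of first appearance, without duplicates. Throws on an unparseable URL,
// which is the right behaviour for a URL the CLI itself just generated.
export function findSensitiveParams(rawUrl: string): string[] {
  const url = new URL(rawUrl);
  const found: string[] = [];
  for (const key of url.searchParams.keys()) {
    if (SENSITIVE_QUERY_KEYS.has(key.toLowerCase()) && !found.includes(key)) {
      found.push(key);
    }
  }
  return found;
}

// Replace the value of every credential-like parameter with a fixed marker.
// Use this form for anything that ends up in a log file or crash report; the
// parameter name stays so the log still shows *that* a token was passed.
export function redactUrl(rawUrl: string): string {
  const url = new URL(rawUrl);
  for (const key of [...url.searchParams.keys()]) {
    if (SENSITIVE_QUERY_KEYS.has(key.toLowerCase())) {
      url.searchParams.set(key, "REDACTED");
    }
  }
  return url.toString();
}

// Build the warning text for a URL, or null when there is nothing to warn about.
// ANSI colour is applied only when `isTty` is true, so piped output, CI logs and
// copy/paste hints receive plain text instead of raw escape sequences.
export function formatTokenWarning(rawUrl: string, isTty: boolean): string | null {
  const keys = findSensitiveParams(rawUrl);
  if (keys.length === 0) {
    return null;
  }
  const text =
    `Warning: this URL carries a credential in its query string (${keys.join(", ")}). ` +
    "It can be recorded in shell history, clipboard managers, server access logs and " +
    "HTTP Referer headers. Do not paste it into shared channels.";
  return isTty ? `\x1b[33m${text}\x1b[0m` : text;
}

// Lines the CLI would print for a Control UI link: the full URL (the user needs
// the token to log in), followed by the warning when one applies.
export function renderControlUiLink(rawUrl: string, isTty: boolean): string[] {
  const lines = [`Open the dashboard: ${rawUrl}`];
  const warning = formatTokenWarning(rawUrl, isTty);
  if (warning !== null) {
    lines.push(warning);
  }
  return lines;
}

// Constructed sample URL (not a real gateway address or token).
export const SAMPLE_URL = "http://127.0.0.1:18789/?token=abc123&view=dash";

// Stand-alone demonstration: the user-facing lines and the log-safe form.
console.log(renderControlUiLink(SAMPLE_URL, process.stdout.isTTY === true).join("\n"));
console.log(`log line: opened ${redactUrl(SAMPLE_URL)}`);
```

Two design points carry over to any CLI in this situation. The warning decision is made on the parsed URL rather than with a substring search for `token=`, so a token appearing inside a path segment or a fragment is handled differently from a query parameter, and a parameter named `tokenized` does not trigger a false positive. And the TTY check lives in the formatting function, not at the call sites, so every surface that prints a link (dashboard command, onboarding output, SSH hint) gets the same plain-text behaviour when stdout is not a terminal.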
