
I frankly use tools mostly as an auth layer for things where raw access is too big a footgun without a permissions step. So I give the agent the choice of asking for permission to do things via the shell, or going nuts without user interaction via a tool that enforces reasonable limitations.

Otherwise you can, e.g., just give it a folder of preapproved scripts to run and explain usage in a prompt.
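The two-path design the comment describes, as an added example that is not part of the original post or anyone's production code: a small gate where raw shell calls always pass through a human approval callback, while a second tool runs only scripts from a preapproved folder and enforces hard limits (bare filename, resolved path inside the folder, executable with an allowed suffix, capped argument count and length, no shell re-parsing). The names `ToolGate`, `make_demo_dir`, `deny_all`/`allow_all` and the `ALLOWED_SUFFIXES` set are this example's own assumptions, and the demo script it writes is constructed for the example.

```python
"""Added example (not code from the HN comment or its author): a small
permission-gated tool layer for an LLM agent, in the spirit of the comment.

Two routes an agent can take:
  1. run_shell(cmd): raw shell, but every call goes through a human approval
     callback first (the "ask permission" path).
  2. run_script(name, args): no prompt, but only scripts that live in a
     preapproved directory, with argument limits enforced (the "go nuts
     within limits" path).

ToolGate, make_demo_dir, deny_all/allow_all and ALLOWED_SUFFIXES are
assumptions made for this example.
"""
from __future__ import annotations

import os
import subprocess
import tempfile
from dataclasses import dataclass, field
from pathlib import Path
from typing import Callable

ALLOWED_SUFFIXES = {".sh", ".py"}   # assumption: what counts as a runnable script


@dataclass
class ToolGate:
    approved_dir: Path
    approver: Callable[[str], bool]          # human-in-the-loop decision
    max_args: int = 8
    max_arg_len: int = 256
    timeout_s: float = 30.0
    audit: list[dict] = field(default_factory=list)   # every request, allowed or not

    def _log(self, entry: dict) -> dict:
        self.audit.append(entry)
        return entry

    # Path 1: raw shell, always gated by a human. Nothing runs without a "yes".
    def run_shell(self, command: str) -> dict:
        if not self.approver(command):
            return self._log({"tool": "shell", "command": command, "status": "denied"})
        proc = subprocess.run(command, shell=True, capture_output=True,
                              text=True, timeout=self.timeout_s)
        return self._log({"tool": "shell", "command": command, "status": "ran",
                          "rc": proc.returncode, "stdout": proc.stdout})

    # Path 2: preapproved scripts only, no prompt, hard limits enforced.
    def run_script(self, name: str, args: list[str]) -> dict:
        def reject(reason: str) -> dict:
            return self._log({"tool": "script", "name": name, "args": args,
                              "status": "rejected", "reason": reason})
        # Script name must be a bare filename: no directories, no traversal.
        if not name or name != Path(name).name or name.startswith("."):
            return reject("name must be a bare filename")
        root = self.approved_dir.resolve()
        target = (root / name).resolve()
        # Resolve symlinks and confirm the target is still inside the folder.
        if target.parent != root or not target.is_file():
            return reject("not a file in the approved directory")
        if target.suffix not in ALLOWED_SUFFIXES or not os.access(target, os.X_OK):
            return reject("not an executable approved script")
        if len(args) > self.max_args:
            return reject("too many arguments")
        for a in args:
            if len(a) > self.max_arg_len or any(c in a for c in "\0\n\r"):
                return reject("argument fails length/character limits")
        # argv list with shell=False: arguments are never re-parsed by a shell.
        proc = subprocess.run([str(target), *args], capture_output=True,
                              text=True, timeout=self.timeout_s)
        return self._log({"tool": "script", "name": name, "args": args,
                          "status": "ran", "rc": proc.returncode,
                          "stdout": proc.stdout})


def make_demo_dir() -> Path:
    """Create a throwaway approved-scripts folder with one constructed script."""
    d = Path(tempfile.mkdtemp(prefix="approved-"))
    script = d / "greet.sh"
    script.write_text("#!/bin/sh\nprintf 'hello %s\\n' \"$1\"\n")
    script.chmod(0o700)
    (d / "notes.txt").write_text("not a script\n")   # present, but not runnable
    return d


def deny_all(command: str) -> bool:
    return False


def allow_all(command: str) -> bool:
    return True


if __name__ == "__main__":
    gate = ToolGate(make_demo_dir(), approver=deny_all)
    print(gate.run_script("greet.sh", ["agent"]))   # runs: stdout "hello agent\n"
    print(gate.run_script("../greet.sh", []))       # rejected: not a bare filename
    print(gate.run_script("notes.txt", []))         # rejected: not an approved script
    print(gate.run_shell("uname -a"))               # denied: approver said no
```

The audit list is the piece worth keeping in a real deployment: because both paths log through the same `_log`, denied and rejected requests are as visible as the ones that ran, which is what lets you see an agent repeatedly probing the limits of the unattended tool.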


