diff --git a/plugins/code_py.py b/plugins/code_py.py
index b595354..2fa2988 100644
--- a/plugins/code_py.py
+++ b/plugins/code_py.py
@@ -22,20 +22,31 @@ __plugin_meta__ = {
     "usage": "/code_py - 进入交互模式，等待输入代码块\n/code_py [单行代码] - 快速执行单行代码",
 }
 
-# --- 安全配置：危险模块黑名单 ---
+# --- 安全配置：危险模块和内置函数黑名单 ---
 DANGEROUS_MODULES = [
     "os", "sys", "subprocess", "shutil", "socket", "requests", "urllib",
     "http", "ftplib", "telnetlib", "ctypes", "_thread", "multiprocessing",
     "asyncio",
 ]
+DANGEROUS_BUILTINS = [
+    "__import__", "open", "exec", "eval", "compile", "input", "breakpoint"
+]
 
 # 编译后的正则表达式，用于分割语句
 STATEMENT_SPLIT_PATTERN = re.compile(r'[;\n]')
+# 编译后的正则表达式，用于查找危险的内置函数调用
+BUILTIN_CALL_PATTERN = re.compile(r'\b(' + '|'.join(DANGEROUS_BUILTINS) + r')\s*\(')
 
 def is_code_safe(code: str) -> Tuple[bool, str]:
     """
-    检查代码中是否包含危险的模块导入。
+    检查代码中是否包含危险的模块导入或内置函数调用。
     """
+    # 1. 检查危险的内置函数
+    found_builtins = BUILTIN_CALL_PATTERN.search(code)
+    if found_builtins:
+        return False, f"检测到不允许的内置函数调用：'{found_builtins.group(1)}'"
+
+    # 2. 检查危险的模块导入
     statements = STATEMENT_SPLIT_PATTERN.split(code)
     for statement in statements:
         statement = statement.strip()