diff --git a/cmd/server/app/network/controller/agentcontroller/script.go b/cmd/server/app/network/controller/agentcontroller/script.go
index c9108626d17a76c7321876098b5497084e710f94..134d1f3fea60b72914437ca158025944268cd722 100644
--- a/cmd/server/app/network/controller/agentcontroller/script.go
+++ b/cmd/server/app/network/controller/agentcontroller/script.go
@@ -82,24 +82,24 @@ func containsDangerousCommand(content string) bool {
 }
 
 func findDangerousCommandsPos(content string) ([][]int, []string) {
-	var positions [][]int
-	var matchedCommands []string
+	var positions [][]int
+	var matchedCommands []string
 
-	for _, pattern := range dangerousCommandsList {
-		re, err := regexp.Compile(pattern)
-		if err != nil {
-			logger.Error("Error compiling pattern %s: %v\n", pattern, err)
-			continue
-		}
-		matches := re.FindAllStringIndex(content, -1)
-		for _, match := range matches {
-			start, end := match[0], match[1]-1
-			positions = append(positions, []int{start, end})
-			matchedCommands = append(matchedCommands, content[start:end+1])
-			// 记录高危命令
-		}
-	}
-	return positions, matchedCommands
+	for _, pattern := range dangerousCommandsList {
+		re, err := regexp.Compile(pattern)
+		if err != nil {
+			logger.Error("Error compiling pattern %s: %v\n", pattern, err)
+			continue
+		}
+		matches := re.FindAllStringIndex(content, -1)
+		for _, match := range matches {
+			start, end := match[0], match[1]-1
+			positions = append(positions, []int{start, end})
+			matchedCommands = append(matchedCommands, content[start:end+1])
+			// 记录高危命令
+		}
+	}
+	return positions, matchedCommands
 }
 
 var dangerousCommandsList = []string{
diff --git a/cmd/server/app/network/controller/pluginapi/script.go b/cmd/server/app/network/controller/pluginapi/script.go
index 1431b93eb77069e8ccaba72c7f64d1cc3015699b..b868b09e38a87738772c89da8e18a131884a1606 100644
--- a/cmd/server/app/network/controller/pluginapi/script.go
+++ b/cmd/server/app/network/controller/pluginapi/script.go
@@ -12,9 +12,11 @@ package pluginapi
 import (
 	"net/http"
 	"net/url"
+	"strings"
 	"time"
 
 	"gitee.com/openeuler/PilotGo/cmd/server/app/agentmanager"
+	"gitee.com/openeuler/PilotGo/cmd/server/app/network/controller"
 	"gitee.com/openeuler/PilotGo/cmd/server/app/network/jwt"
 	"gitee.com/openeuler/PilotGo/cmd/server/app/service/batch"
 	"gitee.com/openeuler/PilotGo/cmd/server/app/service/plugin"
@@ -130,8 +132,16 @@ func RunScriptHandler(c *gin.Context) {
 		Action: "run script",
 	}
 	auditlog.Add(log)*/
+	logger.Debug("run script on agents :%v", d.Batch.MachineUUIDs)
 
-	// TODO : shellcheck
+	// Enabled according to the needs of the plugin
+	positions, matchedCommands := controller.FindDangerousCommandsPos(d.Script)
+	if len(positions) > 0 {
+		logger.Debug("Matched Commands: %v", matchedCommands)
+		str := strings.Join(matchedCommands, "\n")
+		response.Fail(c, nil, "Dangerous commands detected in script: %s."+str)
+		return
+	}
 	f := func(uuid string) batch.R {
 		agent := agentmanager.GetAgent(uuid)
 		if agent != nil { /*
diff --git a/cmd/server/app/network/controller/script.go b/cmd/server/app/network/controller/script.go
index 15d1a16c2dc9f9ab6812a7152dd856cf467d2de7..279fb635f021da92cf42119ff5f5d6852c29b0db 100644
--- a/cmd/server/app/network/controller/script.go
+++ b/cmd/server/app/network/controller/script.go
@@ -8,6 +8,8 @@ package controller
 
 import (
+	"regexp"
+
 	scriptservice "gitee.com/openeuler/PilotGo/cmd/server/app/service/script"
 	"gitee.com/openeuler/PilotGo/sdk/response"
 	"github.com/gin-gonic/gin"
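Review bot: The `%s` in `response.Fail(c, nil, "Dangerous commands detected in script: %s."+str)` is never substituted — the message is built by concatenation, not formatting — so the client receives a literal `%s.` followed by the joined matches; write it as `response.Fail(c, nil, "Dangerous commands detected in script: "+str)` or go through fmt.Sprintf. The matched strings come from controller.DangerousCommandsList, whose patterns are wrapped in `.*`, so each element of matchedCommands is an entire script line and the response echoes those caller-supplied lines back verbatim; reporting only the matched command, or keeping the full lines in the Debug log alone, would make the message smaller and more precise. The comment above the check should also say what the check is, since a regexp scan of the script text only catches the spellings in that list: `// Best-effort screen: reject the script if its text matches any controller.DangerousCommandsList pattern; this is a heuristic, not an enforcement boundary.` RunScriptHandler starts and ends outside this hunk.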
@@ -23,3 +25,33 @@ func AddScriptHandler(c *gin.Context) {
 	}
 	response.Success(c, nil, "脚本文件添加成功")
 }
+
+// 高危命令检测
+func FindDangerousCommandsPos(content string) ([][]int, []string) {
+	var positions [][]int
+	var matchedCommands []string
+
+	for _, pattern := range DangerousCommandsList {
+		re, err := regexp.Compile(pattern)
+		if err != nil {
+			// TOODO: info remind
+			continue
+		}
+		matches := re.FindAllStringIndex(content, -1)
+		for _, match := range matches {
+			start, end := match[0], match[1]-1
+			positions = append(positions, []int{start, end})
+			matchedCommands = append(matchedCommands, content[start:end+1])
+		}
+	}
+	return positions, matchedCommands
+}
+
+var DangerousCommandsList = []string{
+	`.*rm\s+-[r,f,rf].*`,
+	`.*lvremove\s+-f.*`,
+	`.*poweroff.*`,
+	`.*shutdown\s+-[f,F,h,k,n,r,t,C].*`,
+	`.*pvremove\s+-f.*`,
+	`.*vgremove\s+-f.*`,
+}
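Review bot: The character classes in DangerousCommandsList do not express the alternation they appear to intend: inside `[r,f,rf]` the comma is a literal and `rf` is just the letters r and f, so the class equals `[rf,]` — `rm -,` matches and nothing distinguishes `-rf` from `-r` — and `[f,F,h,k,n,r,t,C]` in the shutdown pattern carries the same stray comma. The patterns are also recompiled on every call, and a compile error is swallowed at the `// TOODO: info remind` branch (the agentcontroller copy of this function logs it), both of which are avoidable because the list is constant: compile it once at package scope with regexp.MustCompile and range over the compiled slice. Dropping the leading and trailing `.*` makes each reported match the command itself rather than the whole script line, which is what callers such as RunScriptHandler display. The exported function also needs a doc comment, e.g. `// FindDangerousCommandsPos reports the inclusive [start, end] byte offsets and the text of every DangerousCommandsList match in content; it is a best-effort text heuristic, not a sandbox.`
```go
// dangerousCommandsRe holds DangerousCommandsList compiled once at package
// initialisation; MustCompile is acceptable because the patterns are constants.
var dangerousCommandsRe = compileDangerousCommands(DangerousCommandsList)

func compileDangerousCommands(patterns []string) []*regexp.Regexp {
	res := make([]*regexp.Regexp, 0, len(patterns))
	for _, p := range patterns {
		res = append(res, regexp.MustCompile(p))
	}
	return res
}

// FindDangerousCommandsPos reports the inclusive [start, end] byte offsets and
// the text of every DangerousCommandsList match in content; it is a best-effort
// text heuristic, not a sandbox.
func FindDangerousCommandsPos(content string) ([][]int, []string) {
	var positions [][]int
	var matchedCommands []string

	for _, re := range dangerousCommandsRe {
		for _, match := range re.FindAllStringIndex(content, -1) {
			start, end := match[0], match[1]-1 // end is inclusive, as before
			positions = append(positions, []int{start, end})
			matchedCommands = append(matchedCommands, content[start:end+1])
		}
	}
	return positions, matchedCommands
}

// DangerousCommandsList: no `.*` wrapper, so a match is the command itself;
// `-[rf]+` covers -r, -f, -rf and -fr (presumed intent of the old class).
var DangerousCommandsList = []string{
	`rm\s+-[rf]+`,
	`lvremove\s+-f`,
	`poweroff`,
	`shutdown\s+-[fFhknrtC]`,
	`pvremove\s+-f`,
	`vgremove\s+-f`,
}
```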