diff --git a/src/agent/coder.js b/src/agent/coder.js index 56c85aa..d312387 100644 --- a/src/agent/coder.js +++ b/src/agent/coder.js @@ -1,4 +1,5 @@ import { writeFile, readFile, mkdirSync } from 'fs'; +import { checkSafe } from '../utils/safety.js'; import settings from '../../settings.js'; export class Coder { @@ -129,6 +130,13 @@ export class Coder { } code = res.substring(res.indexOf('```')+3, res.lastIndexOf('```')); + if (!checkSafe(code)) { + console.warn(`Detected insecure generated code, not executing. Insecure code: \n\`${code}\``); + const message = 'Error: Code insecurity detected. Do not import, read/write files, execute dynamic code, or access the internet. Please try again:'; + messages.push({ role: 'system', content: message }); + continue; + } + const execution_file = await this.stageCode(code); if (!execution_file) { agent_history.add('system', 'Failed to stage code, something is wrong.'); diff --git a/src/agent/library/skills.js b/src/agent/library/skills.js index 1bd2c50..b9f6184 100644 --- a/src/agent/library/skills.js +++ b/src/agent/library/skills.js @@ -175,7 +175,7 @@ export async function smeltItem(bot, itemName, num=1) { if (!furnace.fuelItem()) { let fuel = mc.getSmeltingFuel(bot); if (!fuel) { - log(bot, `You have no fuel to smelt ${num} ${itemName}, you need ${put_fuel} coal, charcoal, or wood.`); + log(bot, `You have no fuel to smelt ${itemName}, you need coal, charcoal, or wood.`); if (placedFurnace) await collectBlock(bot, 'furnace', 1); return false; diff --git a/src/utils/safety.js b/src/utils/safety.js new file mode 100644 index 0000000..864263e --- /dev/null +++ b/src/utils/safety.js 
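Review bot: The new guard before `stageCode` treats `checkSafe` as the gate for executing model-generated code, but `checkSafe` is a regex denylist (its own file says it can be bypassed by obfuscation), so the hunk should state that it is a heuristic and not the isolation boundary; add above the `if`: `// Heuristic denylist only (src/utils/safety.js); not a sandbox, so the execution path must provide its own isolation.` The retry message also promises more than the filter checks: it tells the model not to read/write files, yet no pattern in `checkSafe` targets file APIs directly, only `require(` and `import(`, so either the message or the pattern list should be aligned. Whether `messages` already holds the rejected response at this point, so the model sees both the code and the system rejection on retry, is not visible here. The enclosing method starts and ends outside the hunk.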
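Review bot: The rewritten log line drops `${num}` along with `${put_fuel}`, but `num` is a parameter of `smeltItem` (visible in the hunk header) and was a valid interpolation; only `put_fuel` is not defined anywhere in view, which is presumably what the change fixes. Keeping the count makes the message more useful to the model, e.g. the template text `You have no fuel to smelt ${num} ${itemName}, you need coal, charcoal, or wood.` The rest of smeltItem lies outside the hunk.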
@@ -0,0 +1,38 @@
+export function checkSafe(code) {
+ const dangerousPatterns = [
+ // Dynamic imports
+ /\bimport\s*\(/,
+ // Access to process and global
+ /\bprocess\b/,
+ /\bglobal\b/,
+ // Module manipulation
+ /\bmodule\b/,
+ /\bexports\b/,
+ // Require usage
+ /\brequire\s*\(/,
+ // Function constructors
+ /\bFunction\s*\(/,
+ /\beval\s*\(/,
+ // Access to __dirname and __filename
+ /\b__dirname\b/,
+ /\b__filename\b/,
+
+ // fetch
+ /\bfetch\s*\(/,
+ // XMLHttpRequest
+ /\bXMLHttpRequest\b/,
+ // Websockets
+ /\bWebSocket\b/,
+ ];
+
+ for (const pattern of dangerousPatterns) {
+ if (pattern.test(code)) {
+ return false;
+ }
+ }
+ return true;
+}
+
+// generated by o1
+// Basic check for malicious code like dynamic imports, code exec, disk access, internet access, etc.
+// Will not catch all, and can be bypassed by obfuscation.
\ No newline at end of file
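Review bot: The trailer comments at the bottom of the file (`// Basic check for malicious code…`, `// Will not catch all, and can be bypassed by obfuscation.`) are the contract of `checkSafe` and belong in its JSDoc: a `/** … */` block above the function stating that it returns `false` when any denylist pattern matches and `true` otherwise, and that it is a heuristic that must not be relied on as a sandbox. The list blocks `global` but not `globalThis` (the trailing `\b` in `/\bglobal\b/` does not match it), which is inconsistent with its own `// Access to process and global` comment; add `/\bglobalThis\b/` beside it. Stylistically, `dangerousPatterns` is rebuilt on every call and the loop is a hand-written `some`: hoist the array to a module-level `const` and reduce the body to `return !dangerousPatterns.some((pattern) => pattern.test(code));`. The file also lacks a trailing newline.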