diff --git a/apps/common/utils/tool_code.py b/apps/common/utils/tool_code.py index fcc8c8f2e..353cdd4b8 100644 --- a/apps/common/utils/tool_code.py +++ b/apps/common/utils/tool_code.py @@ -27,7 +27,6 @@ class ToolExecutor: else: self.sandbox_path = os.path.join(PROJECT_DIR, 'data', 'sandbox') self.user = None - self.banned_keywords = CONFIG.get("SANDBOX_PYTHON_BANNED_KEYWORDS", 'nothing_is_banned').split(','); self.sandbox_so_path = f'{self.sandbox_path}/sandbox.so' try: self._init_dir() @@ -74,10 +73,10 @@ class ToolExecutor: f.write(f"SANDBOX_PYTHON_BANNED_HOSTS={banned_hosts}") f.write("\n") f.write(f"SANDBOX_PYTHON_ALLOW_SUBPROCESS={allow_subprocess}") + f.write("\n") os.chmod(sandbox_conf_file_path, 0o440) def exec_code(self, code_str, keywords): - self.validate_banned_keywords(code_str) _id = str(uuid.uuid7()) success = '{"code":200,"msg":"成功","data":exec_result}' err = '{"code":500,"msg":str(e),"data":None}' @@ -116,8 +115,6 @@ except Exception as e: raise Exception(result.get('msg')) def _generate_mcp_server_code(self, _code, params): - self.validate_banned_keywords(_code) - # 解析代码,提取导入语句和函数定义 try: tree = ast.parse(_code) @@ -239,11 +236,6 @@ exec({dedent(code)!a}) capture_output=True, **kwargs) return subprocess_result - def validate_banned_keywords(self, code_str): - matched = next((bad for bad in self.banned_keywords if bad in code_str), None) - if matched: - raise Exception(f"keyword '{matched}' is banned in the tool.") - def validate_mcp_transport(self, code_str): servers = json.loads(code_str) for server, config in servers.items(): diff --git a/apps/tools/serializers/tool.py b/apps/tools/serializers/tool.py index 7a09853c0..d9a23df7e 100644 --- a/apps/tools/serializers/tool.py +++ b/apps/tools/serializers/tool.py 
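Review bot: Dropping `self.banned_keywords` turns an existing deployment setting, `SANDBOX_PYTHON_BANNED_KEYWORDS`, into a silent no-op, so an operator who still sets it (the Dockerfile hunk below removes only the image default) gets no filtering and no signal. A one-time warning in `__init__` would make that visible at startup, e.g. `if CONFIG.get("SANDBOX_PYTHON_BANNED_KEYWORDS"): logger.warning("SANDBOX_PYTHON_BANNED_KEYWORDS is no longer honoured; tool code is confined only by the sandbox")` — assuming the module has a logger and `CONFIG` is still in scope, neither of which is visible here. The removal itself is defensible: the old default `'nothing_is_banned'` meant the check was off unless configured, and a substring blacklist is bypassed by something as simple as `getattr(__builtins__, 'ev' + 'al')`. `__init__` starts before this hunk.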
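Review bot: `exec_code` now passes `code_str` to the sandbox with no static check at all, so the conf file written just above (`SANDBOX_PYTHON_BANNED_HOSTS`, `SANDBOX_PYTHON_ALLOW_SUBPROCESS`) and `sandbox.so` are the only remaining controls, and that should be stated where the next maintainer will look: a docstring on `exec_code` such as `"""Run user-supplied tool code in the sandbox. No static filtering is applied; confinement relies entirely on sandbox.so and the conf file written above."""`. The added trailing `f.write("\n")` looks right if the .so reads the conf line by line, but it also means `allow_subprocess` is the last knob before the code runs, so its default (not visible here) needs to be the deny value. Separately, the conf is created by an `open()` before this hunk and only narrowed to `0o440` afterwards by `os.chmod`, leaving a window where it is readable under the process umask; `os.fdopen(os.open(sandbox_conf_file_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o440), 'w')` would close it, though nothing visible in the conf is secret. The conf-writing method begins before the hunk and `exec_code` continues after it.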
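Review bot: `_generate_mcp_server_code` no longer screens `_code` before `ast.parse`, so the module assembled from the extracted imports and functions is admitted unconditionally; please confirm the generated MCP server is launched under the same `sandbox.so`/conf regime as `exec_code`, because otherwise this hunk removes the only check on that path. Whatever the answer, record it at the top of the method so the decision is not re-litigated: `# No static screening: the generated server is expected to run under sandbox.so (see exec_code).` The method continues past the hunk.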
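Review bot: With `validate_banned_keywords` deleted, `validate_mcp_transport` is the only pre-save validation left on `ToolExecutor`, and it starts in this hunk but ends outside it, so its coverage cannot be judged here; a docstring stating what it accepts and rejects would help callers who previously leaned on the keyword check. A class-level note would also stop someone reintroducing a blacklist later: `# Tool code is not statically filtered; confinement happens at run time in sandbox.so.` Removing rather than tightening the substring check is the right call only while the sandbox is mandatory — `self.sandbox_so_path` in the first hunk suggests it is, but whether execution falls back to an unsandboxed run when the .so is missing is not visible in this diff and is worth confirming.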
@@ -354,7 +354,6 @@ class ToolSerializer(serializers.Serializer): self.is_valid(raise_exception=True) ToolCreateRequest(data=instance).is_valid(raise_exception=True) # 校验代码是否包括禁止的关键字 - ToolExecutor().validate_banned_keywords(instance.get('code', '')) if instance.get('tool_type') == ToolType.MCP: ToolExecutor().validate_mcp_transport(instance.get('code', '')) @@ -391,7 +390,6 @@ class ToolSerializer(serializers.Serializer): def test_connection(self): self.is_valid(raise_exception=True) # 校验代码是否包括禁止的关键字 - ToolExecutor().validate_banned_keywords(self.data.get('code', '')) ToolExecutor().validate_mcp_transport(self.data.get('code', '')) # 校验mcp json @@ -486,7 +484,6 @@ class ToolSerializer(serializers.Serializer): self.is_valid(raise_exception=True) ToolEditRequest(data=instance).is_valid(raise_exception=True) # 校验代码是否包括禁止的关键字 - ToolExecutor().validate_banned_keywords(instance.get('code', '')) if instance.get('tool_type') == ToolType.MCP: ToolExecutor().validate_mcp_transport(instance.get('code', '')) diff --git a/installer/Dockerfile-base b/installer/Dockerfile-base index 4e4eccb9f..a772326fb 100644 --- a/installer/Dockerfile-base +++ b/installer/Dockerfile-base @@ -48,7 +48,6 @@ ENV PATH=/opt/py3/bin:$PATH \ MAXKB_SANDBOX=1 \ MAXKB_SANDBOX_HOME=/opt/maxkb-app/sandbox \ MAXKB_SANDBOX_PYTHON_PACKAGE_PATHS="/opt/py3/lib/python3.11/site-packages,/opt/maxkb-app/sandbox/python-packages,/opt/maxkb/python-packages" \ - MAXKB_SANDBOX_PYTHON_BANNED_KEYWORDS="subprocess.,system(,exec(,execve(,pty.,eval(,compile(,shutil.,input(,__import__" \ MAXKB_SANDBOX_PYTHON_BANNED_HOSTS="127.0.0.1,localhost,host.docker.internal,maxkb,pgsql,redis" \ MAXKB_ADMIN_PATH=/admin
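Review bot: The comment `# 校验代码是否包括禁止的关键字` ("check whether the code contains banned keywords") is left dangling above `if instance.get('tool_type') == ToolType.MCP:` now that the call beneath it is gone, and the same stale comment survives in the `test_connection` and edit hunks further down. Either delete it or say what the surviving check does: `# MCP tools: validate the transport config; Python tool code is not statically filtered (sandboxed at run time).` The enclosing method begins before the hunk.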
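Review bot: In `test_connection` the surviving `ToolExecutor().validate_mcp_transport(self.data.get('code', ''))` is not gated on `ToolType.MCP`, unlike the create and edit hunks, so if this endpoint can be called for a Python tool the source text goes straight into `json.loads` inside `validate_mcp_transport` (visible in the tool_code.py hunk above) and fails with a JSON error instead of running the test. That predates this commit as far as the hunk shows, but since all three call sites are being edited anyway, aligning them is cheap: `if self.data.get('tool_type') == ToolType.MCP:` in front of the call. Whether non-MCP tools reach `test_connection` is not visible here.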