diff --git a/setup.cfg b/setup.cfg
index 4eec812..136f7ea 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -1,6 +1,6 @@
 [metadata]
 name = pyspector
-version = 0.1.6
+version = 0.1.7
 [options]
 package_dir=
diff --git a/src/pyspector/_rust_core/Cargo.toml b/src/pyspector/_rust_core/Cargo.toml
index de45ad4..ca07226 100644
--- a/src/pyspector/_rust_core/Cargo.toml
+++ b/src/pyspector/_rust_core/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "_rust_core"
-version = "0.1.6"
+version = "0.1.7"
 edition = "2021"
 [lib]
diff --git a/src/pyspector/cli.py b/src/pyspector/cli.py
index c8cc775..32c000b 100644
--- a/src/pyspector/cli.py
+++ b/src/pyspector/cli.py
@@ -14,6 +14,7 @@ from .triage import run_triage_tui
 from .plugin_system import get_plugin_manager, PluginSecurity
 import requests
+from urllib.parse import urlparse
 # Import the Rust core from its new location
 try:
@@ -268,7 +269,7 @@ def cli():
 __/> / \
 """
 click.echo(click.style(banner))
-click.echo("Version: 0.1.6\n")
+click.echo("Version: 0.1.7\n")
 click.echo("Made with <3 by github.com/ParzivalHack\n")
 note = get_startup_note()
 click.echo(click.style(f"{note}\n", fg="bright_black", italic=True))
@@ -362,6 +363,16 @@ def run_scan_command(
 # Repo scan
 if params["repo_url"]:
+try:
+_parsed = urlparse(params["repo_url"])
+_hostname = _parsed.hostname or ""
+except Exception:
+_hostname = ""
+
+if _hostname not in ("github.com", "gitlab.com"):
+raise click.BadParameter(
+"URL must be a public GitHub or GitLab repository. "
+)
 with tempfile.TemporaryDirectory() as temp_dir:
 click.echo(f"[*] Cloning '{params['repo_url']}' into temporary directory...")
 subprocess.run(
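Review bot: The hostname check added in this hunk is repeated verbatim in the `@@ -435,8 +446,16 @@` hunk of the same file, and both copies wrap `urlparse` in `except Exception` although it only raises `ValueError` (for a malformed bracketed IPv6 host), and both emit a message with a trailing space. Pulling the check into one helper keeps the two entry points in sync and narrows the except. Two consequences of the new check deserve an explicit decision: the scheme is not constrained, so any scheme with an allowed hostname passes, and scp-style `git@github.com:owner/repo` forms are now rejected because `urlparse` yields no hostname for them, whereas the old substring check accepted them — if HTTPS-only is intended, the error message should say so. The fence below restricts to https; drop that comparison if other schemes are wanted. `run_scan_command` begins before this hunk and continues past it.

```python
_ALLOWED_REPO_HOSTS = ("github.com", "gitlab.com")
_BAD_REPO_URL = "URL must be a public GitHub or GitLab repository."


def _validate_repo_url(repo_url: str) -> None:
    """Raise click.BadParameter unless repo_url is an https URL on an allowed host."""
    try:
        parsed = urlparse(repo_url)
    except ValueError as err:  # malformed bracketed IPv6 host
        raise click.BadParameter(_BAD_REPO_URL) from err
    if parsed.scheme != "https" or parsed.hostname not in _ALLOWED_REPO_HOSTS:
        raise click.BadParameter(_BAD_REPO_URL)


# … unchanged: run_scan_command up to the repo scan branch …
    if params["repo_url"]:
        _validate_repo_url(params["repo_url"])
        with tempfile.TemporaryDirectory() as temp_dir:
```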
@@ -435,8 +446,16 @@ def run_scan_command(
 if repo_url:
 # Handle Git URL cloning
-if not ("github.com" in repo_url or "gitlab.com" in repo_url):
-raise click.BadParameter("URL must be a public GitHub or GitLab repository.")
+try:
+_parsed = urlparse(repo_url)
+_hostname = _parsed.hostname or ""
+except Exception:
+_hostname = ""
+
+if _hostname not in ("github.com", "gitlab.com"):
+raise click.BadParameter(
+"URL must be a public GitHub or GitLab repository. "
+)
 with tempfile.TemporaryDirectory() as temp_dir:
 click.echo(f"[*] Cloning '{repo_url}' into temporary directory...")
diff --git a/src/pyspector/plugin_system.py b/src/pyspector/plugin_system.py
index 00e5eb8..eeff2ab 100644
--- a/src/pyspector/plugin_system.py
+++ b/src/pyspector/plugin_system.py
@@ -143,6 +143,8 @@ def validate_plugin_code(plugin_path: Path) -> tuple[bool, str]:
 "exec",
 "compile",
 "__import__",
+"vars",
+"getattr",
 "os.system",
 "os.popen",
 "subprocess.Popen",
@@ -184,6 +186,10 @@ def resolve_name(node: ast.AST) -> Optional[str]:
 attrs.append(base)
 attrs.reverse()
 return ".".join(attrs)
+if isinstance(node, ast.Call):
+inner = resolve_name(node.func)
+if inner:
+return inner
 return None
 class Analyzer(ast.NodeVisitor):
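Review bot: Adding `getattr` to this name denylist will flag a large share of legitimate plugin code, since `getattr` is the ordinary way to read optional attributes, and nothing in the hunk says why these two builtins are grouped with `exec` and `compile`; a one-line comment such as `# namespace/attribute introspection helpers: names reached through them are invisible to the static scan` would make the intent reviewable and the false-positive trade-off explicit. Whether entries are matched exactly or by substring is decided outside this hunk, so I cannot tell here whether `"vars"` would also match a user attribute or method of that name; a test case for each new entry would settle it. `validate_plugin_code` starts before this hunk.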
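Review bot: The new `ast.Call` branch in `resolve_name` carries no comment stating what a call expression resolves to, and its `if inner: return inner` followed by the existing `return None` collapses to a single `return resolve_name(node.func)` with the same truthiness outcome for callers. A comment along the lines of `# a call resolves to its callee, so os.system(...) yields "os.system"` states the contract. Whether a call in the middle of an attribute chain (e.g. `x.y().z`) is also resolved depends on the attribute-walking loop above this hunk, which is not visible here, so I would add a test for that shape rather than assume it. `resolve_name` begins before this hunk.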