diff --git a/apps/auth-set.js b/apps/auth-set.js
index 1f82a6a..407d58d 100644
--- a/apps/auth-set.js
+++ b/apps/auth-set.js
@@ -1,4 +1,5 @@
 import configControl from '../lib/config/configControl.js';
+import ConfigControl from '../lib/config/configControl.js';
 
 export class carbonAuthSetting extends plugin {
   constructor() {
@@ -35,6 +36,11 @@ export class carbonAuthSetting extends plugin {
   async enableAuth(e) {
     if (!(e.sender.role === 'owner' || e.sender.role === 'admin' || e.isMaster))
       return e.reply('只有群主或管理员可以设置验证..', true);
+    const botMember = await e.group?.pickMember?.(e.bot.uin);
+    const info = botMember?.info || (await botMember?.getInfo?.());
+    if (info.role !== 'admin' || info.role !== 'owner') {
+      return e.reply(`${ConfigControl.get('profile')?.nickName}不是管理,没法帮你验证啦..`, true);
+    }
     const { cfg, groupCfg } = await this._getCfg(e);
     groupCfg.enable = true;
     await this._saveCfg(e, cfg, groupCfg);
diff --git a/apps/auth.js b/apps/auth.js
index 236092a..8ba6094 100644
--- a/apps/auth.js
+++ b/apps/auth.js
@@ -210,6 +210,12 @@ export class CarbonAuth extends plugin {
     let atElem = (e.message || []).find((m) => m.type === 'at');
     if (!atElem || !atElem.qq) return e.reply('你要验证谁?', true);
     const targetId = Number(atElem.qq);
+    const member = await e.group.pickMember(targetId);
+    if (member.role === 'owner' || member.role === 'admin') {
+      return e.reply('这对吗', true);
+    }
+    const key = `${e.group_id}_${targetId}`;
+    if (this.pending.get(key)) return e.reply('这孩子已经在验证了..', true);
     await this.auth(e, e.group_id, targetId);
   }
 }