diff --git a/electron/main/backend/install-manager.ts b/electron/main/backend/install-manager.ts
index 37c8278f..263cf25f 100644
--- a/electron/main/backend/install-manager.ts
+++ b/electron/main/backend/install-manager.ts
@@ -151,11 +151,11 @@ ipcMain.on('queue-install', async (event, download_json) => {
   let execParams = [];
   if (superUserCmd.length > 0) {
     execCommand = superUserCmd;
-    execParams.push('/usr/bin/apm');
+    execParams.push('/opt/apm-app-store/extras/shell-caller.sh');
   } else {
-    execCommand = '/usr/bin/apm';
+    execCommand = '/opt/apm-app-store/extras/shell-caller.sh';
   }
-  execParams.push('install', '-y', pkgname);
+  execParams.push('apm', 'install', '-y', pkgname);
 
   const task: InstallTask = {
     id,
@@ -252,7 +252,7 @@ ipcMain.handle('check-installed', async (_event, pkgname: string) => {
 
   logger.info(`检查应用是否已安装: ${pkgname}`);
 
-  let child = spawn('/usr/bin/apm', ['list', '--installed', pkgname], {
+  let child = spawn('/opt/apm-app-store/extras/shell-caller.sh', ['apm', 'list', '--installed', pkgname], {
     shell: true,
     env: process.env
   });
@@ -290,11 +290,11 @@ ipcMain.on('remove-installed', async (_event, pkgname: string) => {
   let execParams = [];
   if (superUserCmd.length > 0) {
     execCommand = superUserCmd;
-    execParams.push('/usr/bin/apm');
+    execParams.push('/opt/apm-app-store/extras/shell-caller.sh');
   } else {
-    execCommand = '/usr/bin/apm';
+    execCommand = '/opt/apm-app-store/extras/shell-caller.sh';
   }
-  let child = spawn(execCommand, [...execParams, 'remove', '-y', pkgname], {
+  let child = spawn(execCommand, [...execParams, 'apm', 'remove', '-y', pkgname], {
     shell: true,
     env: process.env
   });
@@ -348,10 +348,10 @@ ipcMain.handle('list-upgradable', async () => {
 
 ipcMain.handle('list-installed', async () => {
   const superUserCmd = await checkSuperUserCommand();
-  const execCommand = superUserCmd.length > 0 ? superUserCmd : '/usr/bin/apm';
+  const execCommand = superUserCmd.length > 0 ? superUserCmd : '/opt/apm-app-store/extras/shell-caller.sh';
   const execParams = superUserCmd.length > 0
-    ? ['/usr/bin/apm', 'list', '--installed']
-    : ['list', '--installed'];
+    ? ['/opt/apm-app-store/extras/shell-caller.sh', 'apm', 'list', '--installed']
+    : ['apm', 'list', '--installed'];
 
   const { code, stdout, stderr } = await runCommandCapture(execCommand, execParams);
   if (code !== 0) {
@@ -374,10 +374,10 @@ ipcMain.handle('uninstall-installed', async (_event, pkgname: string) => {
   }
 
   const superUserCmd = await checkSuperUserCommand();
-  const execCommand = superUserCmd.length > 0 ? superUserCmd : '/usr/bin/apm';
+  const execCommand = superUserCmd.length > 0 ? superUserCmd : '/opt/apm-app-store/extras/shell-caller.sh';
   const execParams = superUserCmd.length > 0
-    ? ['/usr/bin/apm', 'remove', '-y', pkgname]
-    : ['remove', '-y', pkgname];
+    ? ['/opt/apm-app-store/extras/shell-caller.sh', 'apm', 'remove', '-y', pkgname]
+    : ['apm', 'remove', '-y', pkgname];
 
   const { code, stdout, stderr } = await runCommandCapture(execCommand, execParams);
   const success = code === 0;
diff --git a/extras/shell-caller.sh b/extras/shell-caller.sh
new file mode 100755
index 00000000..ade8ab1e
--- /dev/null
+++ b/extras/shell-caller.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+# 检查是否提供了至少一个参数
+if [[ $# -eq 0 ]]; then
+    echo "错误：未提供命令参数。用法: $0 apm <子命令> [参数...]"
+    exit 1
+fi
+
+# 严格验证第一个参数必须是 "apm"
+if [[ "$1" != "apm" ]]; then
+    echo "拒绝执行：仅允许执行 'apm' 命令。收到的第一个参数: '$1'"
+    exit 1
+fi
+
+# 检查 apm 命令是否存在
+if ! command -v apm &>/dev/null; then
+    echo "apm 命令未找到，请确保已安装 APM 环境"
+    exit 127
+fi
+
+# 执行 apm 命令（跳过第一个参数 "apm"）
+output=$(/usr/bin/apm "${@:2}" 2>&1)
+exit_code=$?
+
+echo "$output"
+
+exit $exit_code
\ No newline at end of file
diff --git a/extras/store.spark-app.amber-pm-store.policy b/extras/store.spark-app.amber-pm-store.policy
index aae42590..e124774d 100644
--- a/extras/store.spark-app.amber-pm-store.policy
+++ b/extras/store.spark-app.amber-pm-store.policy
@@ -12,7 +12,7 @@
             <allow_inactive>yes</allow_inactive>
             <allow_active>yes</allow_active>
         </defaults>
-        <annotate key="org.freedesktop.policykit.exec.path">/opt/apm-app-store/extras/apm-installer</annotate>
+        <annotate key="org.freedesktop.policykit.exec.path">/opt/apm-app-store/extras/shell-caller.sh</annotate>
         <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
     </action>
 </policyconfig>