diff --git a/crates/xtee-teec/src/extension.rs b/crates/xtee-teec/src/extension.rs
index 8f50b49f1216a2078952cadd609c26eb9eae593b..75c53151d6aaefd7640362a6c8c178300df80e8b 100644
--- a/crates/xtee-teec/src/extension.rs
+++ b/crates/xtee-teec/src/extension.rs
@@ -33,6 +33,39 @@ pub struct PluginMethod {
 ) -> raw::TEEC_Result,
 }
+// --- Begin of added safe wrapper ---
+impl PluginMethod {
+ /// Safely invoke the plugin method with null pointer checks.
+ ///
+ /// This function validates critical pointers before calling the unsafe `invoke`.
+ /// It returns `TEEC_ERROR_BAD_PARAMETERS` if any required pointer is null:
+ /// - `self.name` is null (invalid plugin method)
+ /// - `out_len` is null (cannot report output length)
+ /// - `data` is null while `in_len` is non-zero (input buffer required)
+ ///
+ /// After validation, it forwards the call to the original `invoke` function.
+ pub fn invoke_checked(
+ &self,
+ cmd: u32,
+ sub_cmd: u32,
+ data: *mut c_char,
+ in_len: u32,
+ out_len: *mut u32,
+ ) -> raw::TEEC_Result {
+ if self.name.is_null() {
+ return raw::TEEC_ERROR_BAD_PARAMETERS;
+ }
+ if out_len.is_null() {
+ return raw::TEEC_ERROR_BAD_PARAMETERS;
+ }
+ if data.is_null() && in_len != 0 {
+ return raw::TEEC_ERROR_BAD_PARAMETERS;
+ }
+ unsafe { (self.invoke)(cmd, sub_cmd, data, in_len, out_len) }
+ }
+}
+// --- End of added safe wrapper ---
+
 /// struct PluginParameters {
 /// @cmd: u32, plugin cmd, defined in proto/
 /// @sub_cmd: u32, plugin subcmd, defined in proto/
@@ -76,4 +109,4 @@ impl<'a> PluginParameters<'a> {
 pub fn get_required_out_len(&self) -> usize {
 self.required_outlen
 }
-}
+}
\ No newline at end of file
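Review bot: `invoke_checked` is a safe `pub fn` yet forwards caller-supplied raw pointers straight into the `unsafe { (self.invoke)(...) }` call, so safe code can pass a dangling or too-short non-null `data` or an invalid `out_len` and the null checks give no soundness guarantee; either declare it `pub unsafe fn invoke_checked(` with a `# Safety` section stating that `data` must be valid for `in_len` bytes and `out_len` must point to a writable `u32` for the duration of the call, or take `&mut [u8]` and `&mut u32` so the checks become unnecessary. The `unsafe` block also lacks the customary justification; add `// SAFETY: pointers were null-checked above; validity of the pointed-to ranges is the caller's obligation (see # Safety).` above it. The `self.name.is_null()` check presumes `name` is a raw pointer field of `PluginMethod`, whose definition begins before this hunk. The second hunk only changes the trailing newline and needs no review.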