Generally speaking, the opposite approach is the way to go for most security situations. Disallow everything and only open what you want.

So if you have a handful of commands you're willing to eval, you could regex verify them. But trying to build a stop-list of things not to eval is fraught with terror, as Ovid demonstrates above.