chmod 777 (world-writable permissions)
Part of Security, which counts for 30% of the overall score. When this check fires it deducts 8 points from that category, once per scan, no matter how many places it turns up.
What it detects
chmod 777 (or a+rwx/ugo+rwx) makes a path writable by every user and process on the machine, not just the ones that need it. Any other user, or any compromised process running as another account, can then overwrite the file or plant something to be executed later.
Why it matters
chmod 777 (or a+rwx/ugo+rwx) makes a path writable by every user and every process on the machine, not only the ones that legitimately need write access. Any other local account, or a compromised process running under a different user, can then overwrite the file, replace a script that later runs as a privileged user, or plant something to be picked up automatically.
How to fix it
Grant only the access actually needed: 644 for a regular file, 755 for something that must be executable, 750/770 scoped to a specific group for shared write access. If multiple services genuinely need to write the same path, put them in a dedicated group and grant that group write access instead of opening it to everyone.
The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing
Does your repo trip this check?
Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.
Scan your repo