/permissions | scrub | ClaudePluginHub

Back to Commands

Slash Command

Community

/permissions

0

Description

Audit and fix insecure file permissions (world-readable keys, executable configs)

AI Summary

Audits file permissions for security issues and fixes them automatically.

Install

1

Add the repository(one-time)

$

/plugin marketplace add iamfiscus/claude-code-scrub

2

Install the plugin

$

/plugin install iamfiscus-scrub@iamfiscus/claude-code-scrub

Argument

[--fix] [directory]

Allowed Tools

BashReadGlob

Command Content

Scrub Permissions

Audit file permissions for security issues and optionally fix them.

Usage

Execute the permissions audit script:

bash "$CLAUDE_PLUGIN_ROOT/scripts/scrub-permissions.sh" [--fix] [directory]

Options

--fix or -f: Automatically fix permission issues
directory: Path to audit (defaults to current directory)

Checks Performed

1. World-Readable Sensitive Files

Files that should be private but are readable by anyone:

*.pem, *.key, *.p12, *.pfx (certificates/keys)
.env, .env.* (environment files)
*credentials*, *secret*
SSH keys (id_rsa, id_ed25519, etc.)

Fix: Sets to 600 (owner read/write only)

2. Incorrectly Executable Files

Data files that shouldn't have execute permission:

*.json, *.yml, *.yaml
*.env, *.pem, *.key
*.md, *.txt, *.csv, *.xml

Fix: Removes execute bit

3. World-Writable Directories

Directories anyone can write to (security risk)

Fix: Removes world-write permission

4. SetUID/SetGID Files

Files with elevated privileges (requires manual review)

Examples

/scrub:permissions - Audit current directory
/scrub:permissions --fix ./ - Audit and fix issues
/scrub:permissions ~/.ssh - Audit SSH directory

Links

GitHub Stats

0 forks

Updated 5 days ago

Other plugins with /permissions

Unix permissions and security configuration guidance

claude-sonnet-4-0TaskBashRead+1

17