diff --git a/.github/workflows/add-to-task-list.yml b/.github/workflows/add-to-task-list.yml
index 1b3afc16b..9dcdc05e0 100644
--- a/.github/workflows/add-to-task-list.yml
+++ b/.github/workflows/add-to-task-list.yml
@@ -7,6 +7,7 @@ on:
 issues:
 types:
 - opened
+permissions: read-all
 jobs:
 add-to-task-list:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/github-actions-cache-cleaner.yml b/.github/workflows/github-actions-cache-cleaner.yml
index 2fe5ea76a..5ab656e43 100644
--- a/.github/workflows/github-actions-cache-cleaner.yml
+++ b/.github/workflows/github-actions-cache-cleaner.yml
@@ -7,6 +7,7 @@ on:
 schedule:
 - cron: '0 21 * * *' # 06:00 JST
 workflow_dispatch:
+permissions: read-all
 jobs:
 github-actions-cache-cleaner:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/super-linter.yml b/.github/workflows/super-linter.yml
index 340109e63..6738f7e3c 100644
--- a/.github/workflows/super-linter.yml
+++ b/.github/workflows/super-linter.yml
@@ -18,6 +18,10 @@ on:
 branches:
 - main
 pull_request:
+permissions:
+ contents: read
+ packages: read
+ statuses: write
 ###############
 # Set the Job #
 ###############
diff --git a/.github/workflows/update-package.yml b/.github/workflows/update-package.yml
index 257aacd86..b0b6cb622 100644
--- a/.github/workflows/update-package.yml
+++ b/.github/workflows/update-package.yml
@@ -10,13 +10,13 @@ on:
 push:
 branches:
 - main
+permissions:
+ contents: write
+ pull-requests: write
 jobs:
 # npm installを実行し、package.jsonやpackage-lock.jsonに差分があればPRを作る
 update-package:
 runs-on: ubuntu-latest
- permissions:
- contents: write
- pull-requests: write
 steps:
 - uses: actions/checkout@v4.1.1
 if: github.event_name != 'pull_request' || github.event.action != 'closed'
diff --git a/scripts/super_linter/build/set_path.sh b/scripts/super_linter/build/set_path.sh
old mode 100644
new mode 100755
index 6ab85933b..5e34dd1d7
--- a/scripts/super_linter/build/set_path.sh
+++ b/scripts/super_linter/build/set_path.sh
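Review bot: `permissions: read-all` in add-to-task-list.yml gives the token read access to every scope, which is broader than a job reacting to `issues: opened` is likely to need; the same line is added in github-actions-cache-cleaner.yml. The job steps are outside the hunk, so the exact scopes cannot be confirmed from here. Naming them explicitly, for example `permissions:` followed by `  issues: read`, or `permissions: {}` if the steps authenticate with their own token, would keep the default token at least privilege. A short comment above the key saying which step needs each scope would make later audits easier.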
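Review bot: With `permissions: read-all` the `github-actions-cache-cleaner` job's `GITHUB_TOKEN` has no write scope, and deleting Actions caches through the API needs `actions: write`. The steps are outside the hunk, so if they use a separate token this is fine; if they rely on `GITHUB_TOKEN`, the scheduled run would presumably start failing with a permission error. In that case replace the added line with `permissions:` followed by `  actions: write`, ideally placed under the job rather than at workflow level.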
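Review bot: `statuses: write` is granted at workflow level in super-linter.yml, so any job later added to this file inherits it. The update-package.yml hunk has the same issue more sharply, because it moves `contents: write` and `pull-requests: write` from the `update-package` job up to the workflow. Write scopes are easier to audit when they sit on the job that uses them, with a read-only default at the top such as `permissions:` followed by `  contents: read`. For update-package.yml that means keeping the removed job-level block and adding only the read-only top-level key. The job bodies continue outside both hunks.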
@@ -3,4 +3,4 @@ npm ci --prefer-offline action="$(yq '.jobs.build.steps[-1].uses' .github/workflows/super-linter.yml)" PATH="$(docker run --rm --entrypoint '' "ghcr.io/${action//\/slim@/:slim-}" /bin/sh -c 'echo $PATH')" -echo "PATH=/github/workspace/node_modules/.bin:${PATH}" >> "$GITHUB_ENV" +echo "PATH=/github/workspace/node_modules/.bin:${PATH}" >>"$GITHUB_ENV"