phpmac/create2-vanity-deploy
plugins/contract-security/skills/create2-vanity-deploy/SKILL.md
当用户提到靓号地址, 0x1111/8888 前后缀, cast create2, CREATE2 部署脚本, 或 CREATE2 单元测试时应使用此技能
devops
Updated May 11, 2026
$ install --global
skillsauthnpx skillsauth add phpmac/skills create2-vanity-deployInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 11, 2026, 5:41 AM172.9s6 files scanned
SKILL.md
- name:
- create2-vanity-deploy
- description:
- 当用户提到靓号地址, 0x1111/8888 前后缀, cast create2, CREATE2 部署脚本, 或 CREATE2 单元测试时应使用此技能
- metadata:
- {"clawdbot":{"emoji":"yellow","os":["darwin","linux"],"requires":{"bins":["forge","cast"]},"install":[{"id":"forge","kind":"bash","raw":"curl -L https://foundry.paradigm.xyz | bash && foundryup","bins":["forge","cast"],"label":"安装 Foundry (forge/cast)"}]}}
CREATE2 靓号部署
工具预检
| 工具 | 用途 | 检测命令 |
|------|------|----------|
| forge | 编译/测试/部署 | which forge |
| cast | 链上交互 | which cast |
- 任何工具缺失 -> 立即停止, 报告用户安装后再继续
标准流程
# 1. 搜索 salt
forge script script/<path>/FindVanitySalt.s.sol --offline
# 2. 将输出的 VANITY_SALT 写入 .env
# 3. 测试验证地址一致
forge test --match-path test/<path>/Create2Vanity.t.sol -vvv --offline
# 4. 部署
forge script script/<path>/DeployVanity.s.sol --broadcast
环境变量配置 (.env)
# 必需
PRIVATE_KEY=0x...
VANITY_SALT=0x... # 由 FindVanitySalt 脚本生成
# 可选
VANITY_TARGET=0x1111 # 目标后缀 (默认 0x1111)
VANITY_MAX_ITER=500000 # 最大迭代次数 (默认 500000)
VANITY_MODE=suffix # suffix(后缀) 或 prefix(前缀)
核心文件
| 文件 | 用途 |
|------|------|
| FindVanitySalt.s.sol | 搜索 salt |
| DeployVanity.s.sol | 使用 salt 部署合约 |
| Create2Vanity.t.sol | 验证 CREATE2 地址计算 |
模板文件
参考 resources/ 目录下的模板:
- find-salt-script-template.md - 搜索 salt 脚本
- deploy-script-template.md - 部署脚本
- create2-vanity-test-template.md - 单元测试
CREATE2 地址计算
function computeCreate2Address(
address deployer,
bytes32 salt,
bytes32 initCodeHash
) internal pure returns (address) {
return address(
uint160(uint256(keccak256(
abi.encodePacked(hex"ff", deployer, salt, initCodeHash)
)))
);
}
initCode 计算
// initCode = creationCode + encoded constructor args
bytes memory initCode = abi.encodePacked(
type(YourContract).creationCode,
abi.encode(constructorArgs...)
);
bytes32 initCodeHash = keccak256(initCode);
安全要点
见: permissionless-security-notes.md
- CREATE2 工厂不加 access control 是行业通用设计
- 地址由
deployer + salt + initCodeHash决定, 与调用者身份无关 same salt + same initCode只能部署一次- 注意 front-running 风险和参数漂移风险
注意事项
VANITY_TARGET写0x1111表示十六进制后缀...1111, 写1111是十进制0x457- 构造参数会改变
initCode, 参数变化后需要重新搜索 salt - 测试和部署必须使用相同的 deployer (私钥)
- initCode = creationCode + abi.encode(constructor args)
检查清单
- [ ] 已搜索 salt 并获取 VANITY_SALT
- [ ] 已验证部署地址符合目标靓号 (前后缀匹配)
- [ ] 测试和部署使用相同的 deployer (私钥)
- [ ] 构造参数未改变 (如有改变需重新搜索 salt)
- [ ] .env 中已配置 PRIVATE_KEY 和 VANITY_SALT
- [ ] 已运行离线测试验证地址计算正确
- [ ] 目标网络地址空间未被占用 (可选但建议检查)
Related Skills
phpmac/linux-privesc
data-ai
VerifiedTrustedCommunity
当用户提到 Linux 提权/本地提权/local privilege escalation/获取root权限/内核漏洞利用/LPE/SUID/sudo滥用/容器逃逸/权限提升检测; 或要求在Linux系统上从普通用户提升到root权限; 或查询CVE提权漏洞(如Dirty Pipe/CopyFail/Dirty Frag/PwnKit/Looney Tunables); 或需要安全加固建议时应使用此技能
SKILL.mdUpdated May 11, 2026
phpmac/position-sizing
tools
VerifiedTrustedCommunity
当用户要求 "计算仓位", "仓位管理", "止损比例", "凯利公式", "盈亏比", "资金管理", "半凯利", "反马丁格尔", "固定风险", "position sizing", "策略评估", "策略体检", "SQN", "夏普比率", "卡玛比率", "期望值", "获利因子", "MAE", "MFE", "R乘数", "索提诺", "蒙特卡洛", "样本外测试", "策略回测" 或需要计算合约交易的最优仓位/止损/资金分配/策略质量评估时应使用此技能. 覆盖仓位管理/策略评估/交易解剖/压力测试的完整框架. 即使用户只是提到 "这笔交易该下多少", "策略好不好", "复盘怎么算" 等模糊描述也应触发.
SKILL.mdUpdated May 10, 2026
phpmac/apk-api-extractor
development
VerifiedTrustedCommunity
当用户要求 "提取API", "逆向APK", "分析APP接口", "提取业务端点", "React Native逆向", "Flutter逆向" 或需要从移动应用提取后端API信息时使用此技能. 覆盖APK解包/JS bundle分析/kernel_blob.bin分析/H5页面参数发现/Spring Boot API验证全流程. 支持React Native和Flutter两种框架.
SKILL.mdUpdated May 5, 2026
phpmac/vps-provider-researcher
research
VerifiedTrustedCommunity
当用户要求 "推荐VPS", "选服务器", "对比服务商", "建站VPS", "便宜VPS", "VPS推荐" 或需要研究/筛选/对比VPS服务商时应使用此技能. 从 hostloc/lowendtalk/lowendbox/测评站搜集真实评测数据, 交叉验证后给出可溯源排名.
SKILL.mdUpdated May 4, 2026