opendatahub-io/vllm-backport-cherry-pick
helpers/skills/vllm-backport-cherry-pick/SKILL.md
Auto cherry-pick backport candidates and create a draft PR on the downstream repo. Use after scoring to attempt clean cherry-picks for ai-fixable candidates. The agent must still do semantic validation on the result.
$ install --global
skillsauthnpx skillsauth add opendatahub-io/ai-helpers vllm-backport-cherry-pickInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 18, 2026, 6:11 AM11.8s2 files scanned
SKILL.md
- name:
- vllm-backport-cherry-pick
- description:
- >
- compatibility:
- Requires git, gh CLI (authenticated), python3, bash
- allowed-tools:
- Bash Read
- author:
- ZhanqiuHu
- version:
- 1.0
- tags:
- vllm, backport, triage
Cherry Pick
Selects eligible candidates from ranked.json, attempts cherry-pick on each, and creates a draft PR if any succeed.
Candidate Selection
A PR is eligible if ALL of:
backport_ease == "ai-fixable"score >= 50already_backported == falseverdictismust_backportorlikely_relevant
Usage
bash scripts/cherry-pick.sh \
--input artifacts/backport-triage/ranked.json \
--downstream /path/to/downstream-repo \
--branch rhai/0.13.0 \
--jira-url "https://redhat.atlassian.net/browse/..." \
--report-url "https://github.com/..." \
--output artifacts/backport-triage/cherry-pick-result.json
Output
cherry-pick-result.json:
{
"status": "created|skipped",
"pr_url": "https://...",
"succeeded": 3,
"conflicts": 1,
"results": [{"number": 12345, "title": "...", "score": 85, "status": "success|conflict"}]
}
Agent Follow-up (Required)
After this skill runs, the agent MUST:
- Semantic validation — review the cherry-picked diff, check imports reference modules that exist at the target tag, check for calls to post-release functions
- If issues found, add a comment on the draft PR
- Update the Jira ticket with the PR link
- For conflict candidates with score >= 70, add label
ai-autofix-candidate
Related Skills
opendatahub-io/security-alert
tools
VerifiedTrustedCommunity
Use this skill to filter a pre-fetched set of Hacker News stories down to those that report supply-chain security threats relevant to software developers — including malicious packages on npm or PyPI, compromised developer tooling, and attacks targeting source code repositories or CI/CD infrastructure. Reads stories from stories.json in the workspace, performs semantic analysis (fetching HN threads when the title alone is ambiguous), and writes the stories worth alerting on to findings.json.
33SKILL.mdUpdated May 22, 2026
opendatahub-io/python-packaging-static-audit
development
VerifiedTrustedCommunity
Run hexora static analysis on a Python package repository to detect suspicious code patterns, then triage findings with deterministic rules and AI reasoning to produce a structured risk report section.
30SKILL.mdUpdated May 30, 2026
opendatahub-io/python-packaging-git-audit
development
VerifiedTrustedCommunity
Inspect recent git history of a Python package repository for suspicious commits touching supply-chain-sensitive files, then triage findings with AI reasoning to produce a structured risk report section.
30SKILL.mdUpdated May 30, 2026
opendatahub-io/python-packaging-binary-audit
development
VerifiedTrustedCommunity
Scan a Python package repository for compiled/binary files using Fromager-style detection and malcontent YARA analysis, then triage findings with deterministic rules and AI reasoning to produce a structured risk report section.
30SKILL.mdUpdated May 30, 2026