helpers/skills/vllm-backport-classify/SKILL.md
Classify bugfix PRs by type (runtime_bug, platform_specific, unclear, not_bugfix) and filter by file existence at a release tag. Use after fetching raw PRs to produce a filtered candidate list. PRs marked "unclear" need agent review.
npx skillsauth add opendatahub-io/ai-helpers vllm-backport-classify
Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status.
Applies deterministic regex rules to classify PRs, checks which files existed at the target release tag, detects subsystems, and filters out PRs that only touch post-release or non-runtime code.
```bash
python3 scripts/classify-and-filter.py \
  --input artifacts/backport-triage/raw-prs.json \
  --repo /path/to/vllm \
  --tag v0.13.0 \
  --output artifacts/backport-triage/filtered.json
```
raw-prs.json — output of the vllm-backport-fetch-prs skill.
filtered.json — same PR objects enriched with:
- classification: runtime_bug, platform_specific, unclear, not_bugfix
- verdict: CANDIDATE or SKIP
- skip_reason: why skipped (if applicable)
- files, files_in_release, files_new, files_in_release_count, files_total
- subsystems: list of detected vLLM subsystem names

After running this skill, review PRs with classification: "unclear". Read each PR's description and decide if it's a real bugfix. Override the classification in the JSON if needed.
Bugfix PRs in vLLM often have misleading titles — always check the actual diff and description, not just the title.
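The release-tag file check and the CANDIDATE/SKIP decision described above can be sketched as follows. This is an added example, not the skill's own `classify-and-filter.py`: the non-runtime path rules, the `number` key, the assumption that each PR already carries a `files` list, and the sample data are all hypothetical.

```python
import subprocess

# Assumed non-runtime rules; the skill's real rules are not shown on this page.
NON_RUNTIME_PREFIXES = ("docs/", "tests/", ".github/", "benchmarks/", "examples/")
NON_RUNTIME_SUFFIXES = (".md", ".rst")


def paths_at_tag(repo, tag):
    """Return every file path tracked at `tag`, using one git call per run."""
    if tag.startswith("-"):
        raise ValueError("tag must not look like a command-line option")
    out = subprocess.run(
        ["git", "-C", repo, "ls-tree", "-r", "--name-only", "-z", tag],
        check=True, capture_output=True, text=True,
    ).stdout
    return {p for p in out.split("\0") if p}


def is_runtime(path):
    """True unless the path matches one of the assumed non-runtime rules."""
    return not (path.startswith(NON_RUNTIME_PREFIXES) or path.endswith(NON_RUNTIME_SUFFIXES))


def filter_pr(pr, release_paths):
    """Return a copy of one PR dict with the file fields and a verdict added."""
    files = pr.get("files", [])
    in_release = [f for f in files if f in release_paths]
    new = [f for f in files if f not in release_paths]
    out = dict(pr, files_in_release=in_release, files_new=new,
               files_in_release_count=len(in_release), files_total=len(files))
    if not in_release:
        out.update(verdict="SKIP", skip_reason="all touched files are post-release")
    elif not any(is_runtime(f) for f in in_release):
        out.update(verdict="SKIP", skip_reason="only non-runtime files in release")
    else:
        out.update(verdict="CANDIDATE", skip_reason=None)
    return out


# Constructed sample data (not real vLLM PRs or a real file listing).
SAMPLE_RELEASE = {"vllm/engine/core.py", "tests/test_core.py", "docs/usage.md"}
SAMPLE_PRS = [
    {"number": 1, "classification": "runtime_bug", "files": ["vllm/engine/core.py", "vllm/new_mod.py"]},
    {"number": 2, "classification": "runtime_bug", "files": ["vllm/new_mod.py"]},
    {"number": 3, "classification": "unclear", "files": ["tests/test_core.py", "docs/usage.md"]},
]

if __name__ == "__main__":
    for pr in SAMPLE_PRS:
        r = filter_pr(pr, SAMPLE_RELEASE)
        print(r["number"], r["verdict"], r["skip_reason"], r["files_new"])
```

Against a real checkout, pass `paths_at_tag("/path/to/vllm", "v0.13.0")` as `release_paths`; a PR that mixes in-release and new files stays a CANDIDATE, with the new files listed in `files_new`.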