Nice idea but during activation I get this
"The plugin generated 3 characters of unexpected output during activation. If you notice “headers already sent” messages, problems with syndication feeds or other issues, try deactivating or removing this plugin."
Fixed by saving file as UTF-8 without BOM. Is UTF-8 out of the box. I also removed ending tag for PHP + the blank line above that. May be that helped as well.
I wonder if a future version would be even better if it allowed user to exclude plugins? Some red results are by design, will be red forever. I think some will be annoyed about that. Is fine non-org entries starts being red, user must actively exclude.
Could be more of a notificaton tool I guess is what I mean. Less scanner which spit out debatable score.
Regardless, this should be explained on page itself as to avoid people passing out or worse acting crazy seeing results. All "not enough data", "unknown" = CHECK, more than uninstall.