I've thought about how to do this. There really needs to be another server involved which can act as a client. Aside from where to host this, there are two challenges that need to be overcome:
1.) Part of the plugin to be accessible outside of the WordPress admin so it can be activated / deactivated by the client for the scheduled scans, without you having to give up your admin password.
2.) The client needs a full stack browser to scan the site so it loads all of the scripts, styles, iframes, and ajax resources. The easiest option here is phantomjs (a command line version of Safari, basically). Alternately, Selenium RC might work.
If you want to make this work in your environment, you could start off by using phantomjs (or Selenium RC) to script logging into your site and starting a scan on a regular basis.
I hope this helps!