Local MCP scan false-positive cleanup.
Changes:
- Benign negated secret text such as does-not-read secrets/private keys no longer triggers static secret findings.
- Low activation-only scores below the product review floor now allow instead of warn.
- CLI regression now requires the safe package fixture to allow and the poisoned skill fixture to block.
Verified:
- Unit tests passed.
- Activation scanner regressions passed.
- CLI and hook/runtime regressions passed.
- Local MCP auto scan found 11 MCP servers: 9 allow, 2 review, 0 block.
- Fresh wheel install smoke passed: safe package allowed, poisoned skill blocked.
- PyPI 0.1.4 published and post-publish smoke passed.
Install:
python -m pip install intentprobe==0.1.4