Add MCP ecosystem scanner (v0.4.0)

Tune EXFIL-001 and SOCIAL-001: suppress API doc noise, fix flag parsing, expand known packages

Reduce false positives: OBFUSC-001 lockfile exclusions, EXEC-002 context window, EXFIL-001/SOCIAL-001 tuning, author extraction, baseline diff mode, security-tool annotation

Bump version to 0.3.0 and update README

Externalize SOCIAL-001 known-good package list

Reduce EXFIL-001 noise: context-aware exclusions and remove bare .key

Add EXEC-006: hidden execution in bundled scripts

Externalize C2 IP blocklist for NET-002

Switch semantic analyzer to tool_use for structured output

Serialize v0.2.0 enriched fields in bulk scanner output

Add disclosure monitoring script for 10 known-malicious skills

Reduce FP rate: skip ANSI escapes, .exec() methods, and placeholder keys

research: update TP count to 25 — second campaign discovered

Force JSON-only semantic output and expand safe domain list

Fix semantic analyzer JSON parsing — strip markdown code fences