docs: fix README/launch-post to match actual CLI flag and score semantics

README.md

@@ -38,7 +38,7 @@ npx @hailbytes/mcp-security-scanner ./mcp-config.json
 npx @hailbytes/mcp-security-scanner https://my-mcp-server.example.com
 
 # Output SARIF for GitHub Code Scanning + fail on findings
-npx @hailbytes/mcp-security-scanner ./config.json --output=sarif --exit-code
+npx @hailbytes/mcp-security-scanner ./config.json --format=sarif --exit-code
 ```
 
 ### Programmatic
@@ -49,7 +49,7 @@ import { scan } from "@hailbytes/mcp-security-scanner";
 const report = await scan({ configPath: "./mcp-config.json" });
 
 console.log(report.findings);  // Finding[] — individual security issues
-console.log(report.score);     // 0–100 risk score (lower = riskier)
+console.log(report.score);     // 0–100 risk score (higher = riskier; 0 is safest)
 console.log(report.passed);    // boolean — use as CI gate
 ```
 

dev-to/launch-post.md

@@ -41,7 +41,7 @@ npx @hailbytes/mcp-security-scanner ./mcp-config.json
 npx @hailbytes/mcp-security-scanner https://my-mcp-server.example.com
 
 # SARIF output + fail the build
-npx @hailbytes/mcp-security-scanner ./config.json --output=sarif --exit-code
+npx @hailbytes/mcp-security-scanner ./config.json --format=sarif --exit-code
 ```
 
 ## Programmatic