Perhaps you will find
this script interesting.
It is only for phpNuke, but it seems to analyze various things. But on the other hand it is not very clever to publish a public available script which shows security leaks in a cms.
I know that you are aware of security things regarding Xoops. Maybe you want to make a list of things to obey while developing modules and share this with the community?