The scan is manual right now. I am working on a cron mechanism now but it will take some fancy engineering to get it to work with a multi-threaded scan engine like mine.
As for the failure to patch that wp-login.php file, I can only tell you that it is not supposed to do that. It is rare that my plugin ever fails to fix a file and it has nearly always been because of non-standard permissions on the file in question. Basically, if WP cannot modify the file (like when it upgrades or repairs) then my plugin cannot modify the file either.
It should not turn green unless it was able to fix the file, so I don’t know what to make of that one. If you want to email me your WP Admin login I would be happy to take a look at it and give you a better answer.