Bug: we don't handle scopes well and this needs an update

[lirantal]

So, a couple of things here:

1. If the package is scoped, we don't tell the user anything about it now, we just silently skip them.
2. We don't check the scope is unclaimed and if the scope is unclaimed then the user is still vulnerable