ATR detection rules integration — 108 rules complementing SecureClaw's 15 behavioral rules

[eeee2345]

SecureClaw has 51 audit checks + 15 behavioral rules for OpenClaw agents. ATR (Agent Threat Rules) maintains 108 regex detection rules covering a different layer — MCP tool poisoning, SKILL.md supply chain attacks, credential exfiltration, and prompt injection patterns.

They complement each other: SecureClaw does runtime hardening + behavioral rules, ATR does pattern-based threat detection.

Cisco AI Defense ships 34 ATR rules in production. 53K+ skills scanned, 0% FP on clean content.

Would you be open to a PR that integrates ATR detection patterns alongside SecureClaw's existing rules? Happy to match your format.

• https://github.com/Agent-Threat-Rule/agent-threat-rules
• https://agentthreatrule.org
• Cisco: feat: Add ATR community rule pack — 34 rules for MCP tool poisoning, multi-agent attacks, and advanced injection cisco-ai-defense/skill-scanner#79