[2603.23064] Mind Your HEARTBEAT! Claw Background Execution Inherently Enables Silent Memory Pollution

Computer Science > Cryptography and Security arXiv:2603.23064 (cs) [Submitted on 24 Mar 2026] Title:Mind Your HEARTBEAT! Claw Background Execution Inherently Enables Silent Memory Pollution Authors:Yechao Zhang, Shiqian Zhao, Jie Zhang, Gelei Deng, Jiawen Zhang, Xiaogeng Liu, Chaowei Xiao, Tianwei Zhang View a PDF of the paper titled Mind Your HEARTBEAT! Claw Background Execution Inherently Enables Silent Memory Pollution, by Yechao Zhang and 7 other authors View PDF Abstract:We identify a critical security vulnerability in mainstream Claw personal AI agents: untrusted content encountered during heartbeat-driven background execution can silently pollute agent memory and subsequently influence user-facing behavior without the user's awareness. This vulnerability arises from an architectural design shared across the Claw ecosystem: heartbeat background execution runs in the same session as user-facing conversation, so content ingested from any external source monitored in the background (including email, message channels, news feeds, code repositories, and social platforms) can enter the same memory context used for foreground interaction, often with limited user visibility and without clear source provenance. We formalize this process as an Exposure (E) $\rightarrow$ Memory (M) $\rightarrow$ Behavior (B) pathway: misinformation encountered during heartbeat execution enters the agent's short-term session context, potentially gets written into long-term memory, and later shap...