Mind Your HEARTBEAT! Claw Background Execution Inherently Enables Silent Memory Pollution

Researchers find Claw's background execution can be poisoned by misinformation, influencing user behavior without detection.

Deep Dive

A research team led by Yechao Zhang has published a paper titled 'Mind Your HEARTBEAT! Claw Background Execution Inherently Enables Silent Memory Pollution,' exposing a fundamental security flaw in the architecture of Claw personal AI agents. The vulnerability stems from the 'heartbeat' mechanism—a background process that continuously scans external sources like email, news feeds, and social platforms. Crucially, this background execution runs in the same memory session as the user's foreground conversation, creating a direct pipeline for untrusted content to enter the agent's context without clear user visibility or source attribution.

The researchers formalized this as an Exposure → Memory → Behavior (E→M→B) pathway. Using a controlled replica called 'MissClaw,' they demonstrated that ordinary social misinformation encountered during heartbeat execution can pollute short-term session memory, with misleading rates up to 61%. This polluted information can then be saved into the agent's long-term memory through routine actions at rates up to 91%, leading to cross-session behavioral influence as high as 76%. The key finding is that this attack requires no sophisticated prompt injection; standard misinformation is sufficient to silently reshape an agent's memory and subsequent outputs, posing a significant risk to user trust and decision-making.
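A toy model of the E→M→B pathway described above, added here as an illustration; it is not code from Claw, MissClaw or the paper. The class, the provenance labels, the quarantine step and the sample strings are constructed assumptions, and the provenance gate is one possible mitigation that this summary does not attribute to the researchers.

```python
from dataclasses import dataclass, field

# Constructed toy model of the E->M->B pathway; not Claw or MissClaw code.
USER, HEARTBEAT, UNATTRIBUTED = "user", "heartbeat", "unattributed"  # hypothetical labels

@dataclass
class Entry:
    text: str
    source: str

@dataclass
class Agent:
    tag_provenance: bool  # False models the shared session with no source attribution
    session: list = field(default_factory=list)
    long_term: list = field(default_factory=list)
    quarantine: list = field(default_factory=list)

    def _add(self, text, source):
        label = source if self.tag_provenance else UNATTRIBUTED
        self.session.append(Entry(text, label))

    def user_turn(self, text):
        self._add(text, USER)

    def heartbeat(self, fetched_items):
        # Exposure: the background scan writes external content into the same session.
        for item in fetched_items:
            self._add(item, HEARTBEAT)

    def save_memory(self):
        # Memory: a routine save promotes session entries to long-term memory.
        # Entries known to come from the heartbeat are held for user review instead.
        for entry in self.session:
            if entry.source == HEARTBEAT:
                self.quarantine.append(entry.text)
            else:
                self.long_term.append(entry.text)
        self.session.clear()

    def next_session_context(self):
        # Behavior: what a later, separate session conditions its answers on.
        return list(self.long_term)

def run(tag_provenance):
    agent = Agent(tag_provenance)
    agent.user_turn("Remind me about the town council vote.")          # constructed
    agent.heartbeat(["Viral post: the council vote was cancelled."])   # constructed false claim
    agent.save_memory()
    return agent.next_session_context(), agent.quarantine
```

With `run(False)` the heartbeat item reaches long-term memory unmarked; with `run(True)` it is held in quarantine and the next session sees only the user's own entry.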

Key Points
  • The 'heartbeat' background feature in Claw agents shares memory context with user sessions, creating a pollution pathway.
  • Misinformation from monitored sources can influence short-term behavior at rates up to 61% and enter long-term memory at rates up to 91%.
  • The attack requires no prompt injection, making ordinary social media misinformation a potent threat to agent integrity.

Why It Matters

This vulnerability undermines trust in AI agents that autonomously manage information, posing risks for personal and professional decision-making.