Back to Blog
Product·6 min read

OpenClaw 2026.2.15: Discord Components, Sub-Agents, and Security Fixes

Screenshot of the OpenClaw GitHub repository showing star, fork, and contributor counts

OpenClaw crossed the 197,000-star mark this week, and the v2026.2.15 release is the most community-packed drop we have seen so far. Instead of carving out a take, we are summarizing the announcement so OctoClaw customers can brief their teams fast.

Discord automation finally feels native

Components v2 lands with buttons, selects, modals, and attachment-backed file blocks so Discord-based agents can collect structured input without bouncing users into a browser. The same workstream tightens approval prompts, embeds, and container layouts, turning Discord into a viable operations surface instead of a demo-only channel.

Builders get tighter control loops

  • Plugins can now inspect llm_input and llm_output hooks, making it trivial to log token spend, redact secrets, or adapt prompts in-flight.
  • Sub-agents are allowed to spawn their own children with depth and concurrency limits, which unlocks planner/executor patterns without bolting on extra infra.
  • Cron jobs can fire webhooks with dedicated auth tokens when runs finish, so ops teams can fan events out to status pages or incident tooling instantly.

Channel polish closes UX gaps

Slack, Discord, and Telegram each gain per-channel acknowledgment overrides, so your support agent can thank customers with the right emoji everywhere. Group chats also keep their context injected on every turn now, solving the “agent forgot which room it was in” issue that showed up in long conversations.

Security hardening shows up everywhere

  • Sandbox containers now refuse unsafe Docker settings (bind mounts, host networking, unconfined seccomp or AppArmor profiles) and switch their integrity hashing to SHA-256.
  • Telegram bot tokens get redacted from logs, gateway status calls hide sensitive paths from non-admins, and LINE webhooks fail closed unless both secrets are configured.
  • Skills are restricted to their own tool directories, git pre-commit hooks resist option injection, and inbound chat payloads are sanitized before the agent sees them.

Reliability tweaks keep runs predictable

Telegram voice and media downloads now retry before falling back, the browser tool tells agents not to retry when remote control is offline, and OpenAI sessions pinstore=true so multi-turn context does not disappear mid-run. Memory search also becomes Unicode-aware, which fixes CJK prompts that previously fell back to vector-only recall.

Why this matters for OctoClaw pilots

Most buyer conversations orbit two questions: “Will my users trust the UI?” and “Is the security story improving?” This release gives a clean answer to both. Discord gets real input surfaces, nested sub-agents become easier to supervise, and the hardening work spans everything from container escapes to stray tokens in logs.

If you only skim one document, make it the official release notes. We mirrored the most relevant pieces here so you can keep customers, investors, or internal stakeholders current without rewriting the announcement from scratch.

Deploy Your First Agent →