OpenClaw v2026.2.15 brings two highly anticipated features — Discord’s new interactive component system and the ability for sub-agents to spawn their own children — along with important security patches.
Discord Components v2
Discord recently launched Components v2 for bots, and OpenClaw is among the first frameworks to support it. Agents can now present interactive buttons, select menus, modals, and attachment-backed file blocks directly in Discord conversations. This enables rich workflows like form submissions, multi-step wizards, and file sharing without leaving the chat.
Nested Sub-Agents
The multi-agent system gains depth with configurable sub-agent spawning. Using maxSpawnDepth: 2 and maxChildrenPerAgent limits, agents can now delegate tasks to sub-agents that themselves spawn specialized children — enabling complex orchestration patterns like research, analysis, and summarization pipelines.
Security Fixes
- SHA-256 migration — Replaced deprecated SHA-1 with SHA-256 for sandbox configuration identity checks.
- Token redaction — Prevented Telegram bot token leakage in error messages and stack traces.
- Container hardening — Blocked dangerous Docker configs that could enable container escape via bind mounts and host networking.
- XSS protection — Prevented stored XSS via assistant name/avatar fields with strict Content-Security-Policy enforcement.
Other Improvements
Per-channel acknowledgment reaction overrides allow different emoji reactions on Slack, Discord, and Telegram. New plugin hooks expose llm_input and llm_output payloads for extensions to observe model interactions. Unicode-aware full-text search now handles non-ASCII and CJK queries correctly.