[ehquestions77]

As said in the title this maybe a noob question.  So here goes, if i only use kodi as a media organizer (because my collection spans several TB'S), and use only the addons from the kodi official repository, is there any security risk in this ? If so how much? Because while after only a brief usage i have come to love kodi, a simple google search about the reach of addons into my system has scared me.

[Karellen]

Is there a particular article you can share with us? We would be interested in reading what other 3rd party sites are saying.

[ehquestions77]

It's more to the fact that most sites warned about using 3rd party addons. But my question is that what are the chances of a malicious addon on the official repository and the damage that can cause. Is there any way to mitigate this?

[Klojum]

Is there any particular official Kodi add-on on music that you are worried about?

Since the Kodi community is quite large, any 'problem' with an official add-on should be recognized as such pretty quickly.
And because this is about your local collection and not something that is being streamed, I'd say the problem is very minimal.

[ehquestions77]

Is there any particular official Kodi add-on on music that you are worried about?

Since the Kodi community is quite large, any 'problem' with an official add-on should be recognized as such pretty quickly.
And because this is about your local collection and not something that is being streamed, I'd say the problem is very minimal.

i haven't had problems with any addons yet, it's just me being a little paranoid, but I think i will run kodi in a sandboxed environment.

And has there been any previous instances where an addon on the official repository had turned out to be malicious?

[spiff]

not that i am aware of. everything is manually reviewed so unless things are well hidden, they do not slip through.

[ehquestions77]

That sounds great. I think i would just stick to the official repository and start building my library on this awesome program. Thanks to everyone for the quick replies. 

And just as an afterthought, is there any safe practice methods when using the program(except of course the official repositories advice)?

[Klojum]

If you want 'safe', don't connect to the internet
But common sense will get you a long way, IMO.

[ehquestions77]

If you want 'safe', don't connect to the internet
But common sense will get you a long way, IMO.

and here i thought i said no obvious advice, the internet is a pithole everyone knows that!!!

but yeah seeing the lack of actual security risk when using a bit of common sense, i think i am now confident in using kodi.

[Atreyu]

In my experience (i’ve used Kodi and many addons in the official repo for a long time) there’s very little chance of something malicious slipping through.
It’s when using 3rd party repos and addons that jump the odds significantly. If you install these pretty much anything is possible.

Enjoy your setup!

[DarrenHill]

Common sense is decidedly uncommon, at least from what we generally see here when some users come asking questions.

The other point about the official repo is that we don't let in code that we cannot analyse (binary stuff - certainly anything that wasn't from a trusted team member, or other compiled or otherwise obfuscated code). You'll find that some 3rd party add-ons (especially the piracy ones) do that as they don't want others stealing their pirated stream sources (which in itself is a rather poetic irony) but of course for that scenario there is no way to know what else may be hiding in the code (and in a few cases some nasty stuff has been hidden there).

In the end everything from the official Kodi GitHub can be analysed as it's all open source, for both the core code itself and the add-ons in the repo. So there's no incentive for us to hide anything, as it's all available in plain sight for anyone who wishes to to analyse and check it.