I’ve noticed when Troypoint recommends an addon or repository, he usually scans just the url of the repository with virustotal and then says the repository is safe or something of the sort. This could be very misleading because although you are scanning the destination of the repo, you are not scanning the files that are contained inside the repo which could in fact be very malicious. Example? Let’s use something familiar like The Crew repo. When you scan the url for the repo, it shows completely clean. But if you were to go into that repo and take an individual file and scan the file itself on virustotal, it shows quite the opposite. Here’s the script.module.thecrew-1.1.6r.zip, which gets installed with the plugin.video.thecrew addon. Just for safety’s sake, let’s have a look at it and see what virustotal had to say. VirusTotal https://www.virustotal.com/gui/file/7d599fc86aeae28425ddd25a639edfbc3f18f9357ce9703171eb885168792126?nocache=1
Thoughts?
Agree, a url scan is just a start to use upon entry. Any files within are subject to change and alteration. Only you are responsible for your actions. Trust nothing and remember only you can prevent forrest fires.
True. We know this, but probably many people do not. They see a green light and think it means go.
The bad guys count on lack of knowledge on your part. Troypoint scans are just the start. Anyone delving into the kodi underworld should know better but I agree most do not.
I guess the question would be, what is the point of scanning the url of the repo in the first place when that’s not where the danger lies, and in doing that are you giving people a false sense of security?
Then stick with the popular kodi addons that are wellkown and use proper repos from legit sources…
It’s not me that I’m worried about. I’m not a newbie. Plus, the crew is a popular repo is it not?
What is the point of this? I’ve been using The Crew for years with no issues. Is the BoogeyMan going to jump through my Streaming box! 
I agree. The scan is something you should do but most do not. The larger well known repos are pretty safe but still theres always the chance a bad guy gets his mods in un-detected. This by itself makes kodi add-ons a dangerous place. I have seen in other groups that infiltration into kodi apps by authorities of one kind or another. Troy can only get you started but cant hold your hand in the kodiverse. At some point you realize its on you.
The question remains, what is the point of doing a virustotal scan on a repo url?
Always make sure you are safe but if you are getting repos from a well kown soruce then you are fine.
I think you are putting a little more into this then needed. Its why troypoint.com has the guides and info for anyone starting out.
Actually I was just trying to prove a point about a url scan being kind of pointless and maybe have a discussion on the example I included. It was just an example. Wasn’t meant to inspire any ruffled feathers or fears of boogeymen.
I get you, i understand the point. 9 times out of 10 if someone is infected due to a issue with a repo it was probably gotten from something untrustworthy and not even the proper repo.
Right, I agree with that. But this file is from the official crew repo.
As someone who isn’t an advanced techie this seems scary. Is the crew not safe to use or what about other repos, I hope someone addresses this issue further. 
The crew is safe to use when gotten from a legit source. This is why i hate topics like this as it spreads misinformation.
There is a risk in all online streaming and tech venues… But this is why troypoint address how to do this safely. This is why we post ways to get everything safe.
Thanks for the reassurance. I didn’t know there were other ways to get these repos.
So many paranoid nervous nellies here. LOL
Just because you’re paranoid doesn’t mean someone isn’t out to get you. 
