Evaluate Add-on Trust (2026 Framework)

14 min readCore Guide

Trust Evaluation in 5 Dimensions

Use all five dimensions together. A strong score in one area does not offset failure in another.

1. Source authenticity
2. Legal clarity
3. Privacy transparency
4. Maintenance quality
5. Operational reversibility

1) Source Authenticity

Minimum checks:

• Domain is exact (no lookalike typos)
• URL uses HTTPS
• Source is linked from a reputable channel (official docs, known maintainer, long-running community post)

💡 Tip

If you cannot trace where an add-on URL came from, treat it as untrusted by default.

2) Legal Clarity

Ask:

• Is the content source licensed or clearly lawful for your use case?
• Is the add-on marketed as bypassing paid services?
• Would you be comfortable explaining your use case to your ISP or employer?

If legal footing is unclear, assume elevated risk until proven otherwise.

3) Privacy Transparency

Check whether you can find clear answers for:

• What data is logged
• How long data is stored
• Whether data is shared with third parties

No policy is not neutral. No policy is a risk signal.

4) Maintenance Quality

Good indicators:

• Recent updates
• Responsive issue handling
• Clear changelog or community maintenance signals

Weak indicators:

• Abandoned threads
• Repeated outage reports with no maintainer response
• Version mismatch complaints left unresolved

5) Operational Reversibility

A trustworthy setup is reversible.

You should be able to:

• Remove the add-on cleanly
• Restore previous behavior quickly
• Keep your account usable across devices after removal

If setup instructions make rollback hard, classify risk higher.

Interactive Scoring

Add-on Risk Scorer

Check every statement that applies. This tool gives a conservative risk estimate for decision support, not legal advice.

Developer identity is unclear or anonymous Legal rights for streamed content are unclear No privacy policy or data practices are documented Install flow uses forced ads, popups, or notification prompts Addon requests unusual credentials or excessive permissions No maintenance history or community support signals Payment is requested before any transparent explanation Guide asks you to disable security features or run shell commands you do not understand

Current score: 0 / 160

Level: Low

Recommendation: Continue with standard caution and verify source links.

Reddit-Informed Red Flags

Frequently reported red flags:

• Fake site clones for known add-ons
• Urgent social posts pushing unverified links
• Claims of “lifetime premium everything” without source transparency

Decision Matrix

Use this policy:

• Low score + clear legal source + clear maintainer: acceptable with normal caution.
• Medium score: delay and verify through multiple sources.
• High score: do not install.

Related Pages

• Install & Remove Add-ons Safely
• Add-ons Explained
• Avoiding Suspicious Add-ons

Sources

• Stremio Addon SDK documentation
• Reddit: How to install addons (official/community behavior clarification)
• Reddit: Be aware (fake-site warning)