A big concern right now with addons is the amount of information the ESO API allows for them to see. The default UI has a very minimalist design to it which doesn't show on-screen a large amount of the data available at any given time.
For instance, here is a function from the API which an addon could use to see a lot of information about a unit casting a spell in the vicinity...
GetUnitCastingInfo(string unitTag)
Returns: string actionName, number timeStarted, number timeEnding, bool isChannel, integer barType, bool canBlock, bool canInterrupt, bool isChargeUp, bool hideBar
Some of the most important information this function returns includes:
- The name of the spell/action
- When the cast began
- When the cast will finish
- Whether the spell/action is channeled or a chargeup type spell
- If the spell/action can be interrupted
- If the spell/action can be blocked
The addon could then take some action(s) based on this information it has received...
However! It is incredibly important to realize....
By and large, the ESO API does not allow an addon to issue combat or movement commands for the player. So by itself, the addon is only capable of notifying the player of this information. In theory this prevents "cheating" or "botting".
Access to this kind of information does, however, make botting a fairly trivial task using an outside application. For example, you could make an addon which uses the above function to detect whenever a certain interruptable spell is being cast nearby and do something non-combat related in the UI, say place a 1 pixel pink square at a specific location on the screen. A program external to the game could be setup to look at that one pixel and enter some keypresses automatically whenever that pixel turns pink. Voila, you have an auto-interrupter. This
is cheating and could very easily get you banned.
The two most obvious ways to prevent this are to...
- implement tools to detect/police these external applications which use the legitimate API information to cross the line
or
- cut off the information at the source by removing addon access to the API functions which give the exploitable information to those external applications in the first place
The former would preserve access to those API functions for legitimate uses, but is much more difficult and invasive to pull off (the game would need detection algorithms and/or a sniffer application that can look at what is running on your computer outside of the game).
The latter would solve the problem for good, but deny a great deal of functionality to addons which would use the information legitimately.
Zenimax has stated that they will be taking a pretty firm stance on exploits of the API. They are very much against the idea of players feeling forced to get a certain addon in order to stay competitive in the game.
To address some of your specific concerns....
Addressed above
- Aggresive Guild-Autoinviting
Definitely possible with the API unless there is some sort of internal cap on invites/time
To my knowledge, nothing in the API has access to anything regarding your system information, so no worries there
Addons run locally on the client's computer reactive to "events" (player opened a vendor screen, player looted something, etc.) in the game. As far as I know, there are very few (if any) API functions that create events that are not local to the client and would need to be sent to the server. Even if there are and an addon was made to maliciously spam the server with events, it would probably take a lot of people all using the addon at the same time in one place to notice any effect on latency due to the enormous bandwidth the servers have.- Yes an addon could cause performance issues for the person running the addon
- No, it is very unlikely that an addon could create performance issues for other players