I think the guys who are using direct tools are using the kodi exploit to download directly. If you read about kodi amazon you will know.
If the decryption plugin is installed for inputstream on kodi, is there temp output/buffer dumped to disk at all?