Thank you for the kind words. I didn't mean to just jump into things but I dislike when innocent game devs are falsely accused of malice when they use an open-source project that gets false-flagged by terrible antivirus vendors. Unfortunately there are many malicious (and ignorant) game devs out there who take advantage of PC and mobile gamers alike and attempt to surreptiously install trojans, spyware, malware, and/or crypto miner software. The worst I've seen is as I mentioned there are games that attempt to install malware/spyware and claim it is an 'anti cheat' kernel driver.
Although I'm not 100% certain as to ways to mitigate this, there's a few helpful links I found doing a quick search on it:
https://forums.malwarebytes.com/topic/284584-tameit-renpy-game-false-positive/
https://lemmasoft.renai.us/forums/viewtopic.php?t=41570
https://lemmasoft.renai.us/forums/viewtopic.php?t=61332
VirusTotal is not foolproof, nor does it update/configure each antivirus for optimal effectiveness. There's a correlation between how much money can be made (selling the data to security researchers and companies for example) and the bandwidth/scanning costs associated with doing things 'for free'. It is a moving target, basically.
As always if anyone gets detections in whatever antivirus/antimalware you use, please be kind enough to at least ask the game developer the what and whys before throwing accusations. If you are tech-saavy or know someone who is tech-saavy and possibly check network traffic with wireshark or through other methods, then you have a bit more to go on than gut feeling.
If any gamedev comes across this, just know that RenPy is an open-source toolkit for game developers to make visual novel games. There is no malware involved. Always get RenPy from the official website: https://www.renpy.org/
That's the DOT ORG domain, not .com or .net or anything else. When in doubt, search using a reliable search engine (I use Qwant.com) and then go to the website through that link instead of typing it in directly.