Here's what actually happens
Renpy have this file called zsync.exe that's work as an updater for renpy-based games. Most of the time it'd be harmless and beneficial. Yet it seems to have the ability to serve as a remote code execution (RCE) backdoor since its working mechanism is downloading patches from remote server and then execute however the devs want, if I get the source code & docs right.
So yeah it's mostly misunderstanding and false positive if i can said that because wow this is a huge vulnerability from renpy i hope it's get patch soon