Not having a password protected archive, not having exe that require admin rights, being careful about stuff like runtime compressing giving false positives, hosting on itch, etc.
Scammers like to post on hacked accounts, so an established account is no guarantee for trust.
What you ask for is something like a human tested approval badge. With current itch system that is not possible. Reviews are not public in that sense. In theory you could be on public game collections to that effect. But on a game page you can not check, if the game is on such a collection.
Scammers also got more clever by allowing comments, they just delete the comments of people giving warning. And posting comment with, this is legit good game, no viruses, I promise... yeah. That is what a scammer would say ;-)
There is a reason why publishing on steam costs money.