is itch secure?

A topic by Not_a_Soup created 21 days ago Views: 262 Replies: 4

There have been 2 occasions where McAfee detected a virus in a game I downloaded. Also, some games are stopped with a warning saying they could risk the computer. I'm worried about this. Does anyone know what to do?

Moderator(+1)

Games uploaded to itch.io are scanned for malware on the server side. On the one hand the scan can miss things, but on the other hand your antivirus can see malware where there isn't any, too, so it depends. See what other people say about those games, and if you find one that's really suspicious, please report it. Thanks.

alright

tl;dr No, Itch is not secure. https://itch.io/t/3512426/itch-is-not-a-safe-place-do-not-download-things

The scanners Itch uses only detect the most obvious things. For all intents and purposes they are basically nonexistent.

It is self-evident. You only see the indexed games, unless you used a direct link. Beware the "try my game" on Discord scam. So the games did not register as malicious, else you would not see them.

But scammers see that too. So they know quite quickly if their malware was caught or not, and they will try again till they get indexed and know that this malware will not get detected, and reuse that for more scams. I saw hundreds of malware projects. Often on hacked user accounts. As I said, from a user's perspective, the scanners might as well not exist. Sure, without those scanners it might be 10000 indexed malware instead of 1000 per year. But "scanned by Itch scanners" is telling you less than nothing about the safety of a file. (Oh, and that 1000 is a lower bound estimate, based on actual observation.)

So, there is malware on Itch. It is uploaded daily. Many on hacked accounts.

Even reported malware can take 6+ weeks to be taken down. (R-107095 for example. It is still up. It triggers half the scanners on VirusTotal.) And unreported malware can be up for years. My personal "record" is about 2 years, I believe.

R-107312 triggers only 4 scanners on VirusTotal - the Itch scanners obviously did not detect it, and no one has worked on that ticket yet. Maybe they "have overlooked it" - or worse, my report is not believed. It is a downloader, so the really bad stuff is not yet in it. It also was reported about 6 weeks ago. It is still indexed. The game is stolen and was modified to include the malware. The original is on Steam.

Unfortunately I also have seen malware that did not trigger at all on VirusTotal. And even malware that was signed.

And doubly unfortunately, many game engines often do trigger false positives on VirusTotal. Godot is notorious for that. But also RPG Maker, Ren'Py and a lot of other things.

Conclusion: you cannot trust scanners. If in doubt, wait till you are no longer in doubt and play some web games; those run in the sandbox of your browser and should not be capable of doing harm.

Try to verify the developer, not only the executable. You should still be suspicious about any warnings, but in my experience it is best to establish trust in the developer. A game with a hundred ratings and an active community with comments and a talkative developer is highly unlikely to contain malware. A game that is free, has no comments and is a paid game on Steam is highly unlikely to be a legit project.

To lessen the risk, you can use a sandbox. The Itch app provides a poor man's sandbox on Windows. This should at least protect your browser's data, like login information, stored session cookies and so on.

The sad thing is, Itch is a great place for indie games to grow. Scammers rely on people trying out games. But games need to be tried out to get known. A whole scam method is even based on that, the "try my game" scam. So devs do not only have to overcome obscurity, but a necessary amount of suspicion.

thanks a lot.