How do we know that it isn't malicious? The devs behind this project have been working on this project for years and tons of hard work has gone into this. Do you think they'd compromise all that just to infect your PC with a malware?
And regarding to what's causing it:-
Do you know how anti-virus scanners work? Anti-virus scanners are actually completely useless software. They only detect what is already known, actual viruses that are new are NOT detected. When someone figures out something is a virus, patterns are being made. These patterns are a sequence of certain bytes, for example E8 90 74 29 E9 02 28 92 whatever.
If this exact match is found somewhere, the anti-virus software thinks it is a virus. In our case, it is caused because we launch the game and we modify the game before it starts, so that you can play it. We need to modify the game otherwise you can't play Plutonium online, we need to do it to add features and to emulate the game.
Hence, a false-positive.