AVs throw these all the time, for all kinds of applications and tools. They're triggered by patterns and signatures in the executable that "may indicate malicious behavior", etc., heuristically. It's in the AV vendor's interest to be overzealous and have lots of false positives rather than to have a single accidental false negative.
